cybernews

fuite de donnée enregistrée

Latest News


CVE-2025-35978 - UpdateNavi UpdateNaviInstallService Remote Code Execution

CVE ID : CVE-2025-35978
Published : June 12, 2025, 6:15 a.m. | 46 minutes ago
Description : Improper restriction of communication channel to intended endpoints issue exists in UpdateNavi V1.4 L10 to L33 and UpdateNaviInstallService Service 1.2.0091 to 1.2.0125. If a local authenticated attacker send malicious data, an arbitrary registry value may be modified or arbitrary code may be executed.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 12 Jun 2025 06:15:00 GMT

read more

CVE-2025-4973 - Workreap WordPress Theme Authentication Bypass Vulnerability

CVE ID : CVE-2025-4973
Published : June 12, 2025, 6:15 a.m. | 46 minutes ago
Description : The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to authentication bypass in all versions up to, and including, 3.3.1. This is due to the plugin not properly verifying a user's identity prior to logging them in when verifying an account with an email address. This makes it possible for unauthenticated attackers to log in as registered users, including administrators, if they know user's email address. This is only exploitable fi the user's confirmation_key has not already been set by the plugin.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 12 Jun 2025 06:15:00 GMT

read more

CVE-2025-5012 - Workreap - Freelance Marketplace WordPress Theme File Upload Vulnerability

CVE ID : CVE-2025-5012
Published : June 12, 2025, 6:15 a.m. | 46 minutes ago
Description : The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'workreap_temp_upload_to_media' function in all versions up to, and including, 3.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 12 Jun 2025 06:15:00 GMT

read more

CVE-2023-36636 - Apache HTTP Server File Inclusion

CVE ID : CVE-2023-36636
Published : June 12, 2025, 3:15 a.m. | 3 hours, 46 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 12 Jun 2025 03:15:00 GMT

read more

CVE-2025-49814 - Apache HTTP Server Authentication Bypass

CVE ID : CVE-2025-49814
Published : June 12, 2025, 3:15 a.m. | 3 hours, 46 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 12 Jun 2025 03:15:00 GMT

read more

CVE-2025-49815 - Apache HTTP Server Information Disclosure

CVE ID : CVE-2025-49815
Published : June 12, 2025, 3:15 a.m. | 3 hours, 46 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 12 Jun 2025 03:15:00 GMT

read more

CVE-2025-49816 - WordPress XSS

CVE ID : CVE-2025-49816
Published : June 12, 2025, 3:15 a.m. | 3 hours, 46 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 12 Jun 2025 03:15:00 GMT

read more

CVE-2025-49817 - Apache Apache Struts Remote Code Execution

CVE ID : CVE-2025-49817
Published : June 12, 2025, 3:15 a.m. | 3 hours, 46 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 12 Jun 2025 03:15:00 GMT

read more

CVE-2025-49818 - AirVPN DNS Spoofing Vulnerability

CVE ID : CVE-2025-49818
Published : June 12, 2025, 3:15 a.m. | 3 hours, 46 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 12 Jun 2025 03:15:00 GMT

read more

CVE-2025-49819 - Apache HTTP Server Unvalidated User Input

CVE ID : CVE-2025-49819
Published : June 12, 2025, 3:15 a.m. | 3 hours, 46 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 12 Jun 2025 03:15:00 GMT

read more

CVE-2025-49820 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-49820
Published : June 12, 2025, 3:15 a.m. | 3 hours, 46 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 12 Jun 2025 03:15:00 GMT

read more

CVE-2025-49821 - Dropbox Authentication Bypass

CVE ID : CVE-2025-49821
Published : June 12, 2025, 3:15 a.m. | 3 hours, 46 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 12 Jun 2025 03:15:00 GMT

read more

CVE-2025-49822 - Apache Struts Remote Code Execution Vulnerability

CVE ID : CVE-2025-49822
Published : June 12, 2025, 3:15 a.m. | 3 hours, 46 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 12 Jun 2025 03:15:00 GMT

read more

CVE-2025-6009 - kiCode111 like-girl SQL Injection Vulnerability

CVE ID : CVE-2025-6009
Published : June 12, 2025, 3:15 a.m. | 3 hours, 46 minutes ago
Description : A vulnerability was found in kiCode111 like-girl 5.2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ipAddPost.php. The manipulation of the argument bz/ipdz leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 12 Jun 2025 03:15:00 GMT

read more

CVE-2025-6005 - "kiCode111 like-girl SQL Injection"

CVE ID : CVE-2025-6005
Published : June 12, 2025, 2:15 a.m. | 4 hours, 46 minutes ago
Description : A vulnerability classified as critical was found in kiCode111 like-girl 5.2.0. This vulnerability affects unknown code of the file /admin/aboutPost.php. The manipulation of the argument title/aboutimg/info1/info2/info3/btn1/btn2/infox1/infox2/infox3/infox4/infox5/infox6/btnx2/infof1/infof2/infof3/infof4/btnf3/infod1/infod2/infod3/infod4/infod5 leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 12 Jun 2025 02:15:00 GMT

read more

CVE-2025-6006 - kiCode111 like-girl SQL Injection Vulnerability

CVE ID : CVE-2025-6006
Published : June 12, 2025, 2:15 a.m. | 4 hours, 46 minutes ago
Description : A vulnerability, which was classified as critical, has been found in kiCode111 like-girl 5.2.0. This issue affects some unknown processing of the file /admin/ImgUpdaPost.php. The manipulation of the argument id/imgText/imgDatd/imgUrl leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 12 Jun 2025 02:15:00 GMT

read more

CVE-2025-6007 - "kiCode111 like-girl SQL Injection Vulnerability"

CVE ID : CVE-2025-6007
Published : June 12, 2025, 2:15 a.m. | 4 hours, 46 minutes ago
Description : A vulnerability, which was classified as critical, was found in kiCode111 like-girl 5.2.0. Affected is an unknown function of the file /admin/CopyadminPost.php. The manipulation of the argument icp/Copyright leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 12 Jun 2025 02:15:00 GMT

read more

CVE-2025-6008 - KiCode111 like-girl SQL Injection Vulnerability

CVE ID : CVE-2025-6008
Published : June 12, 2025, 2:15 a.m. | 4 hours, 46 minutes ago
Description : A vulnerability has been found in kiCode111 like-girl 5.2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ImgAddPost.php. The manipulation of the argument imgDatd/imgText/imgUrl leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 12 Jun 2025 02:15:00 GMT

read more

CVE-2022-4976 - InfoZip ZIP Library Multiple Vulnerabilities (Unzip)

CVE ID : CVE-2022-4976
Published : June 12, 2025, 1:15 a.m. | 5 hours, 46 minutes ago
Description : Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a bundled InfoZip library that is affected by several vulnerabilities. The bundled library is affected by CVE-2014-8139, CVE-2014-8140 and CVE-2014-8141.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 12 Jun 2025 01:15:00 GMT

read more

CVE-2025-30085 - RSForm!pro Joomla Remote Code Execution Vulnerability

CVE ID : CVE-2025-30085
Published : June 11, 2025, 8:15 p.m. | 10 hours, 46 minutes ago
Description : Remote code execution vulnerability in RSForm!pro component 3.0.0 - 3.3.14 for Joomla was discovered. The issue occurs within the submission export feature and requires administrative access to the export feature.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 20:15:00 GMT

read more

CVE-2025-32465 - Joomla RSTickets! Stored XSS Vulnerability

CVE ID : CVE-2025-32465
Published : June 11, 2025, 8:15 p.m. | 10 hours, 46 minutes ago
Description : A stored XSS vulnerability in RSTickets! component 1.9.12 - 3.3.0 for Joomla was discovered. It allows attackers to perform cross-site scripting (XSS) attacks via sending crafted payload.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 20:15:00 GMT

read more

CVE-2025-32466 - RSMediaGallery Joomla SQL Injection Vulnerability

CVE ID : CVE-2025-32466
Published : June 11, 2025, 8:15 p.m. | 10 hours, 46 minutes ago
Description : A SQL injection vulnerability in RSMediaGallery! component 1.7.4 - 2.1.7 for Joomla was discovered. The issue occurs within the dashboard component, where user-supplied input is not properly sanitized before being stored and rendered. An attacker can inject malicious JavaScript code into text fields or other input points, which is subsequently executed in the browser of any user who clicks on the crafted text in the dashboard.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 20:15:00 GMT

read more

CVE-2025-25032 - IBM Cognos Analytics Memory Exhaustion Denial of Service

CVE ID : CVE-2025-25032
Published : June 11, 2025, 6:15 p.m. | 12 hours, 46 minutes ago
Description : IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted request that would exhaust memory resources.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 18:15:00 GMT

read more

CVE-2025-40912 - CryptX for Perl Malformed Unicode Injection Vulnerability

CVE ID : CVE-2025-40912
Published : June 11, 2025, 6:15 p.m. | 12 hours, 46 minutes ago
Description : CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed unicode. CryptX embeds the tomcrypt library. The versions of that library in CryptX before 0.065 may be susceptible to CVE-2019-17362.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 18:15:00 GMT

read more

CVE-2025-49150 - Cursor JSON File Remote Request Vulnerability

CVE ID : CVE-2025-49150
Published : June 11, 2025, 6:15 p.m. | 12 hours, 46 minutes ago
Description : Cursor is a code editor built for programming with AI. Prior to 0.51.0, by default, the setting json.schemaDownload.enable was set to True. This means that by writing a JSON file, an attacker can trigger an arbitrary HTTP GET request that does not require user confirmation. Since the Cursor Agent can edit JSON files, this means a malicious agent, for example, after a prompt injection attack already succeeded, could trigger a GET request to an attacker controlled URL, potentially exfiltrating other data the agent may have access to. This vulnerability is fixed in 0.51.0.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 18:15:00 GMT

read more

CVE-2025-0913 - Apache os File Symlink Creation Vulnerability

CVE ID : CVE-2025-0913
Published : June 11, 2025, 6:15 p.m. | 11 hours, 45 minutes ago
Description : os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 18:15:00 GMT

read more

CVE-2025-0917 - IBM Cognos Analytics Stored Cross-Site Scripting

CVE ID : CVE-2025-0917
Published : June 11, 2025, 6:15 p.m. | 11 hours, 45 minutes ago
Description : IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 18:15:00 GMT

read more

CVE-2025-0923 - IBM Cognos Analytics Source Code Disclosure Vulnerability

CVE ID : CVE-2025-0923
Published : June 11, 2025, 6:15 p.m. | 11 hours, 45 minutes ago
Description : IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 18:15:00 GMT

read more

CVE-2025-1698 - "Xperia Fingerprint Sensor Null Pointer Denial of Service"

CVE ID : CVE-2025-1698
Published : June 11, 2025, 5:15 p.m. | 9 hours, 32 minutes ago
Description : Null pointer exception vulnerabilities were reported in the fingerprint sensor service that could allow a local attacker to cause a denial of service.
Severity: 2.8 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 17:15:00 GMT

read more

CVE-2025-1699 - MotoSignature Unauthorized Access Permission Vulnerability

CVE ID : CVE-2025-1699
Published : June 11, 2025, 5:15 p.m. | 9 hours, 32 minutes ago
Description : An incorrect default permissions vulnerability was reported in the MotoSignature application that could result in unauthorized access.
Severity: 2.8 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 17:15:00 GMT

read more

CVE-2025-22874 - DigiCert SSL Verify Certificate Validation Bypass

CVE ID : CVE-2025-22874
Published : June 11, 2025, 5:15 p.m. | 9 hours, 32 minutes ago
Description : Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 17:15:00 GMT

read more

CVE-2025-40915 - Mojolicious::Plugin::CSRF Weak Random Number Generation CSRF Vulnerability

CVE ID : CVE-2025-40915
Published : June 11, 2025, 5:15 p.m. | 9 hours, 32 minutes ago
Description : Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens. That version of the module generates tokens as an MD5 of the process id, the current time, and a single call to the built-in rand() function.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 17:15:00 GMT

read more

CVE-2025-4673 - Apache Web Server HTTP Header Information Disclosure

CVE ID : CVE-2025-4673
Published : June 11, 2025, 5:15 p.m. | 9 hours, 32 minutes ago
Description : Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 17:15:00 GMT

read more

CVE-2025-6001 - VirtueMart CSRF File Upload Bypass

CVE ID : CVE-2025-6001
Published : June 11, 2025, 5:15 p.m. | 9 hours, 32 minutes ago
Description : A Cross-Site Request Forgery (CSRF) vulnerability exists in the product image upload function of VirtueMart that bypasses the CSRF protection token. An attacker is able to craft a special CSRF request which will allow unrestricted file upload into the VirtueMart media manager.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 17:15:00 GMT

read more

CVE-2025-6002 - VirtueMart Unrestricted File Upload Vulnerability

CVE ID : CVE-2025-6002
Published : June 11, 2025, 5:15 p.m. | 9 hours, 32 minutes ago
Description : An unrestricted file upload vulnerability exists in the Product Image section of the VirtueMart backend. Authenticated attackers can upload files with arbitrary extensions, including executable or malicious files, potentially leading to remote code execution or other security impacts depending on server configuration.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 17:15:00 GMT

read more

CVE-2025-26383 - Apache iSTAR Memory Information Disclosure

CVE ID : CVE-2025-26383
Published : June 11, 2025, 4:15 p.m. | 10 hours, 32 minutes ago
Description : The iSTAR Configuration Utility (ICU) tool leaks memory, which could result in the unintended exposure of unauthorized data from the Windows PC that ICU is running on.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 16:15:00 GMT

read more

CVE-2025-48448 - Drupal Admin Audit Trail Resource Exhaustion DoS

CVE ID : CVE-2025-48448
Published : June 11, 2025, 3:15 p.m. | 11 hours, 32 minutes ago
Description : Allocation of Resources Without Limits or Throttling vulnerability in Drupal Admin Audit Trail allows Excessive Allocation.This issue affects Admin Audit Trail: from 0.0.0 before 1.0.5.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 15:15:00 GMT

read more

CVE-2025-49146 - PostgreSQL pgjdbc Channel Binding Authentication Bypass

CVE ID : CVE-2025-49146
Published : June 11, 2025, 3:15 p.m. | 11 hours, 32 minutes ago
Description : pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support channel binding (such as password, MD5, GSS, or SSPI authentication). This could allow a man-in-the-middle attacker to intercept connections that users believed were protected by channel binding requirements. This vulnerability is fixed in 42.7.7.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 15:15:00 GMT

read more

CVE-2025-49148 - ClipShare Server DLL Load Hijacking Vulnerability

CVE ID : CVE-2025-49148
Published : June 11, 2025, 3:15 p.m. | 11 hours, 32 minutes ago
Description : ClipShare is a lightweight and cross-platform tool for clipboard sharing. Prior to 3.8.5, ClipShare Server for Windows uses the default Windows DLL search order and loads system libraries like CRYPTBASE.dll and WindowsCodecs.dll from its own directory before the system path. A local, non-privileged user who can write to the folder containing clip_share.exe can place malicious DLLs there, leading to arbitrary code execution in the context of the server, and, if launched by an Administrator (or another elevated user), it results in a reliable local privilege escalation. This vulnerability is fixed in 3.8.5.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 15:15:00 GMT

read more

CVE-2025-48013 - Drupal Quick Node Block Missing Authorization Vulnerability

CVE ID : CVE-2025-48013
Published : June 11, 2025, 3:15 p.m. | 9 hours, 32 minutes ago
Description : Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing.This issue affects Quick Node Block: from 0.0.0 before 2.0.0.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 15:15:00 GMT

read more

CVE-2025-48444 - Drupal Quick Node Block Authorization Bypass

CVE ID : CVE-2025-48444
Published : June 11, 2025, 3:15 p.m. | 9 hours, 32 minutes ago
Description : Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing.This issue affects Quick Node Block: from 0.0.0 before 2.0.0.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 15:15:00 GMT

read more

CVE-2025-48445 - Drupal Commerce Eurobank Redirect Authorization Bypass

CVE ID : CVE-2025-48445
Published : June 11, 2025, 3:15 p.m. | 9 hours, 32 minutes ago
Description : Incorrect Authorization vulnerability in Drupal Commerce Eurobank (Redirect) allows Functionality Misuse.This issue affects Commerce Eurobank (Redirect): from 0.0.0 before 2.1.1.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 15:15:00 GMT

read more

CVE-2025-48446 - Drupal Commerce Alphabank Redirect Authorization Bypass Vulnerability

CVE ID : CVE-2025-48446
Published : June 11, 2025, 3:15 p.m. | 9 hours, 32 minutes ago
Description : Incorrect Authorization vulnerability in Drupal Commerce Alphabank Redirect allows Functionality Misuse.This issue affects Commerce Alphabank Redirect: from 0.0.0 before 1.0.3.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 15:15:00 GMT

read more

CVE-2025-48447 - Drupal Lightgallery Cross-Site Scripting (XSS)

CVE ID : CVE-2025-48447
Published : June 11, 2025, 3:15 p.m. | 9 hours, 32 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Lightgallery allows Cross-Site Scripting (XSS).This issue affects Lightgallery: from 0.0.0 before 1.6.0.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 15:15:00 GMT

read more

CVE-2025-0163 - IBM Security Verify Access Appliance and Docker Information Disclosure Vulnerability

CVE ID : CVE-2025-0163
Published : June 11, 2025, 3:15 p.m. | 4 hours, 45 minutes ago
Description : IBM Security Verify Access Appliance and Docker 10.0 through 10.0.8 could allow a remote attacker to enumerate usernames due to an observable response discrepancy of disabled accounts.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 15:15:00 GMT

read more

CVE-2025-3473 - IBM Security Guardium Privilege Escalation Local Buffer Overflow

CVE ID : CVE-2025-3473
Published : June 11, 2025, 3:15 p.m. | 4 hours, 45 minutes ago
Description : IBM Security Guardium 12.1 could allow a local privileged user to escalate their privileges to root due to insecure inherited permissions created by the program.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 15:15:00 GMT

read more

CVE-2025-4922 - Nomad Prefix-Based ACL Policy Vulnerability (Insufficient ACL Resolution)

CVE ID : CVE-2025-4922
Published : June 11, 2025, 2:15 p.m. | 5 hours, 44 minutes ago
Description : Nomad Community and Nomad Enterprise (“Nomad”) prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. This vulnerability, identified as CVE-2025-4922, is fixed in Nomad Community Edition 1.10.2 and Nomad Enterprise 1.10.2, 1.9.10, and 1.8.14.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 14:15:00 GMT

read more

CVE-2025-32711 - Microsoft 365 Copilot Command Injection Vulnerability

CVE ID : CVE-2025-32711
Published : June 11, 2025, 2:15 p.m. | 3 hours, 27 minutes ago
Description : Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 14:15:00 GMT

read more

CVE-2025-35941 - Apache Struts Password Exposure

CVE ID : CVE-2025-35941
Published : June 11, 2025, 2:15 p.m. | 3 hours, 27 minutes ago
Description : A password is exposed locally.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 14:15:00 GMT

read more

CVE-2025-40914 - Perl CryptX Integer Overflow Vulnerability

CVE ID : CVE-2025-40914
Published : June 11, 2025, 2:15 p.m. | 3 hours, 27 minutes ago
Description : Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow. CryptX embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 14:15:00 GMT

read more

CVE-2025-4605 - Autodesk Maya Uncontrolled Memory Allocation Vulnerability

CVE ID : CVE-2025-4605
Published : June 11, 2025, 2:15 p.m. | 3 hours, 27 minutes ago
Description : A maliciously crafted .usdc file, when loaded through Autodesk Maya, can force an uncontrolled memory allocation vulnerability. A malicious actor may leverage this vulnerability to cause a denial-of-service (DoS), or cause data corruption.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 14:15:00 GMT

read more

CVE-2025-5144 - "Stored Cross-Site Scripting in The Events Calendar for WordPress"

CVE ID : CVE-2025-5144
Published : June 11, 2025, 1:15 p.m. | 4 hours, 28 minutes ago
Description : The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-date-*’ parameters in all versions up to, and including, 6.13.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 13:15:00 GMT

read more

CVE-2025-5986 - Thunderbird Automatic PDF Download Vulnerability

CVE ID : CVE-2025-5986
Published : June 11, 2025, 12:15 p.m. | 5 hours, 27 minutes ago
Description : A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data (e.g. using /dev/urandom on Linux) or to leak Windows credentials via SMB links when the email is viewed in HTML mode. While user interaction is required to download the .pdf file, visual obfuscation can conceal the download trigger. Viewing the email in HTML mode is enough to load external content. This vulnerability affects Thunderbird < 128.11.1 and Thunderbird < 139.0.2.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 12:15:00 GMT

read more

CVE-2025-3302 - Xagio SEO – WordPress Stored Cross-Site Scripting

CVE ID : CVE-2025-3302
Published : June 11, 2025, 12:15 p.m. | 5 hours, 4 minutes ago
Description : The Xagio SEO – AI Powered SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘HTTP_REFERER’ parameter in all versions up to, and including, 7.1.0.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 7.1.0.0.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 12:15:00 GMT

read more

CVE-2025-49709 - Mozilla Firefox Canvas Memory Corruption Vulnerability

CVE ID : CVE-2025-49709
Published : June 11, 2025, 12:15 p.m. | 5 hours, 4 minutes ago
Description : Certain canvas operations could have lead to memory corruption. This vulnerability affects Firefox < 139.0.4.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 12:15:00 GMT

read more

CVE-2025-49710 - Mozilla Firefox Integer Overflow Vulnerability

CVE ID : CVE-2025-49710
Published : June 11, 2025, 12:15 p.m. | 5 hours, 4 minutes ago
Description : An integer overflow was present in `OrderedHashTable` used by the JavaScript engine This vulnerability affects Firefox < 139.0.4.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 12:15:00 GMT

read more

CVE-2025-5687 - Mozilla VPN macOS Privilege Escalation

CVE ID : CVE-2025-5687
Published : June 11, 2025, 12:15 p.m. | 5 hours, 4 minutes ago
Description : A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root. *This bug only affects Mozilla VPN on macOS. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN 2.28.0 < (macOS).
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 12:15:00 GMT

read more

CVE-2025-4128 - Mattermost Guest User API Team Information Disclosure

CVE ID : CVE-2025-4128
Published : June 11, 2025, 11:15 a.m. | 6 hours, 4 minutes ago
Description : Mattermost versions 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly restrict API access to team information, allowing guest users to bypass permissions and view information about public teams they are not members of via a direct API call to /api/v4/teams/{team_id}.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 11:15:00 GMT

read more

CVE-2025-4573 - Mattermost LDAP Group ID Attribute Injection Vulnerability

CVE ID : CVE-2025-4573
Published : June 11, 2025, 11:15 a.m. | 6 hours, 4 minutes ago
Description : Mattermost versions 10.7.x <= 10.7.1, 10.6.x <= 10.6.3, 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly validate LDAP group ID attributes, allowing an authenticated administrator with PermissionSysconsoleWriteUserManagementGroups permission to execute LDAP search filter injection via the PUT /api/v4/ldap/groups/{remote_id}/link API when objectGUID is configured as the Group ID Attribute.
Severity: 4.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 11:15:00 GMT

read more

CVE-2025-4315 - CubeWP WordPress Privilege Escalation Vulnerability

CVE ID : CVE-2025-4315
Published : June 11, 2025, 10:15 a.m. | 7 hours, 4 minutes ago
Description : The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.23. This is due to the plugin allowing a user to update arbitrary user meta through the update_user_meta() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 10:15:00 GMT

read more

CVE-2025-26412 - SIMCom SIM7600G Command Injection Vulnerability

CVE ID : CVE-2025-26412
Published : June 11, 2025, 9:15 a.m. | 6 hours, 4 minutes ago
Description : The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 09:15:00 GMT

read more

CVE-2025-41661 - Apache Device Manager CSRF Root Shell

CVE ID : CVE-2025-41661
Published : June 11, 2025, 9:15 a.m. | 6 hours, 4 minutes ago
Description : An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request Forgery (CSRF) protection in the Main Web Interface (endpoint event_mail_test).
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 09:15:00 GMT

read more

CVE-2025-41662 - "Viasat IoT Gen CSRF Root Command Execution"

CVE ID : CVE-2025-41662
Published : June 11, 2025, 9:15 a.m. | 6 hours, 4 minutes ago
Description : An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request Forgery (CSRF) protection in the Main Web Interface (endpoint tls_iotgen_setting).
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 09:15:00 GMT

read more

CVE-2025-41663 - Apache Web Confidentiality Vulnerability: Remote Command Injection

CVE ID : CVE-2025-41663
Published : June 11, 2025, 9:15 a.m. | 6 hours, 4 minutes ago
Description : An unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commands in responses returned by WWH servers and gain arbitrary command execution with elevated privileges.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 09:15:00 GMT

read more

CVE-2025-29756 - SunGrow iSolarCloud MQTT Credentials Disclosure and Decryption Key Extraction Vulnerability

CVE ID : CVE-2025-29756
Published : June 11, 2025, 8:15 a.m. | 7 hours, 4 minutes ago
Description : SunGrow's back end users system iSolarCloud https://isolarcloud.com  uses an MQTT service to transport data from the user's connected devices to the user's web browser.  The MQTT server however did not have sufficient restrictions in place to limit the topics that a user could subscribe to.  While the data that is transmitted through the MQTT server is encrypted and the credentials for the MQTT server are obtained though an API call, the credentials could be used to subscribe to any topic and the encryption key can be used to decrypt all messages received. An attack with an account on iSolarCloud.com could extract MQTT credentials and the decryption key from the browser and then use an external program to subscribe to the topic '#' and thus recieve all messages from all connected devices.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 08:15:00 GMT

read more

CVE-2025-5991 - Qt QtNetwork Use After Free Vulnerability

CVE ID : CVE-2025-5991
Published : June 11, 2025, 8:15 a.m. | 7 hours, 4 minutes ago
Description : There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a POST request and the simultaneous handling of HTTP error responses. This issue only affects Qt 6.9.0 and has been fixed for Qt 6.9.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 08:15:00 GMT

read more

CVE-2024-35295 - Perfect Harmony GH180 Physical Access Configuration Change Vulnerability

CVE ID : CVE-2024-35295
Published : June 11, 2025, 7:15 a.m. | 8 hours, 4 minutes ago
Description : A vulnerability has been identified in Perfect Harmony GH180 (All versions >= V8.0 < V8.3.3 with NXGPro+ controller manufactured between April 2020 to April 2025). The maintenance connection of affected devices fails to protect access to the device's control unit configuration. This could allow an attacker with physical access to the maintenance connection's door port to perform arbitrary configuration changes.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 07:15:00 GMT

read more

CVE-2025-5395 - WordPress Automatic Plugin Unvalidated File Upload Vulnerability

CVE ID : CVE-2025-5395
Published : June 11, 2025, 7:15 a.m. | 8 hours, 4 minutes ago
Description : The WordPress Automatic Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'core.php' file in all versions up to, and including, 3.115.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 07:15:00 GMT

read more

CVE-2025-4666 - Zotpress WordPress Stored Cross-Site Scripting Vuln

CVE ID : CVE-2025-4666
Published : June 11, 2025, 4:15 a.m. | 11 hours, 3 minutes ago
Description : The Zotpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nickname’ parameter in all versions up to, and including, 7.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 04:15:00 GMT

read more

CVE-2025-4798 - WordPress WP-DownloadManager Arbitrary File Read Vulnerability

CVE ID : CVE-2025-4798
Published : June 11, 2025, 4:15 a.m. | 11 hours, 3 minutes ago
Description : The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.68.10. This is due to a lack of restriction on the directory an administrator can select for storing downloads. This makes it possible for authenticated attackers, with Administrator-level access and above, to download and read any file on the server, including system and configuration files.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 04:15:00 GMT

read more

CVE-2025-4799 - WordPress WP-DownloadManager Remote File Deletion Vulnerability

CVE ID : CVE-2025-4799
Published : June 11, 2025, 4:15 a.m. | 11 hours, 3 minutes ago
Description : The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file deletion due to lack of restriction on the directory a file can be deleted from in all versions up to, and including, 1.68.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). This vulnerability can be paired with CVE-2025-4798 to delete any file within the WordPress root directory.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 04:15:00 GMT

read more

CVE-2025-49788 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-49788
Published : June 11, 2025, 3:15 a.m. | 9 hours, 30 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 03:15:00 GMT

read more

CVE-2025-49789 - Apache Struts Remote Code Execution

CVE ID : CVE-2025-49789
Published : June 11, 2025, 3:15 a.m. | 9 hours, 30 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 03:15:00 GMT

read more

CVE-2025-49790 - Apache HTTP Server Unvalidated User Input

CVE ID : CVE-2025-49790
Published : June 11, 2025, 3:15 a.m. | 9 hours, 30 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 03:15:00 GMT

read more

CVE-2025-49791 - Apache HTTP Server Denial of Service

CVE ID : CVE-2025-49791
Published : June 11, 2025, 3:15 a.m. | 9 hours, 30 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 03:15:00 GMT

read more

CVE-2025-49792 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-49792
Published : June 11, 2025, 3:15 a.m. | 9 hours, 30 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 03:15:00 GMT

read more

CVE-2025-49793 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-49793
Published : June 11, 2025, 3:15 a.m. | 9 hours, 30 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 03:15:00 GMT

read more

CVE-2024-1244 - OSSEC HIDS Windows UNC Path Configuration Vulnerability

CVE ID : CVE-2024-1244
Published : June 11, 2025, 3:15 a.m. | 7 hours, 30 minutes ago
Description : Improper input validation in the OSSEC HIDS agent for Windows prior to version 3.8.0 allows an attacker in with control over the OSSEC server or in possession of the agent's key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for remote code execution or used to escalate privileges to SYSTEM via AD CS certificate forging and other similar attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 03:15:00 GMT

read more

CVE-2025-49785 - Apache HTTP Server SQL Injection

CVE ID : CVE-2025-49785
Published : June 11, 2025, 3:15 a.m. | 7 hours, 30 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 03:15:00 GMT

read more

CVE-2025-49786 - Apache HTTP Server Unvalidated User Input

CVE ID : CVE-2025-49786
Published : June 11, 2025, 3:15 a.m. | 7 hours, 30 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 03:15:00 GMT

read more

CVE-2025-49787 - Apache Web Server Unvalidated User Input

CVE ID : CVE-2025-49787
Published : June 11, 2025, 3:15 a.m. | 7 hours, 30 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 03:15:00 GMT

read more

CVE-2024-1243 - Wazuh Agent for Windows UNC Path Manipulation Vulnerability

CVE ID : CVE-2024-1243
Published : June 11, 2025, 2:15 a.m. | 8 hours, 30 minutes ago
Description : Improper input validation in the Wazuh agent for Windows prior to version 4.8.0 allows an attacker with control over the Wazuh server or agent key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for remote code execution or used to escalate privileges to SYSTEM via AD CS certificate forging and other similar attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 02:15:00 GMT

read more

CVE-2025-5958 - Google Chrome Media Use After Free Heap Corruption

CVE ID : CVE-2025-5958
Published : June 11, 2025, 1:15 a.m. | 9 hours, 30 minutes ago
Description : Use after free in Media in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 01:15:00 GMT

read more

CVE-2025-5959 - Google Chrome V8 Type Confusion Arbitrary Code Execution Vulnerability

CVE ID : CVE-2025-5959
Published : June 11, 2025, 1:15 a.m. | 9 hours, 30 minutes ago
Description : Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 01:15:00 GMT

read more

CVE-2025-49091 - KDE Konsole Remote Code Execution Vulnerability

CVE ID : CVE-2025-49091
Published : June 11, 2025, 1:15 a.m. | 7 hours, 29 minutes ago
Description : KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This can be executed regardless of whether the ssh, telnet, or rlogin binary is available. In this mode, there is a code path where if that binary is not available, Konsole falls back to using /bin/bash for the given arguments (i.e., the URL) provided. This allows an attacker to execute arbitrary code.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 01:15:00 GMT

read more

CVE-2025-4275 - Insyde BIOS UEFI Bootloader Execution

CVE ID : CVE-2025-4275
Published : June 11, 2025, 1:15 a.m. | 7 hours, 29 minutes ago
Description : Running the provided utility changes the certificate on any Insyde BIOS and then the attached .efi file can be launched.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 01:15:00 GMT

read more

CVE-2025-1055 - K7 Security Anti-Malware IOCTL Elevation of Privilege Vulnerability

CVE ID : CVE-2025-1055
Published : June 11, 2025, 12:15 a.m. | 8 hours, 29 minutes ago
Description : A vulnerability in the K7RKScan.sys driver, part of the K7 Security Anti-Malware suite, allows a local low-privilege user to send crafted IOCTL requests to terminate a wide range of processes running with administrative or system-level privileges, with the exception of those inherently protected by the operating system. This flaw stems from missing access control in the driver's IOCTL handler, enabling unprivileged users to perform privileged actions in kernel space. Successful exploitation can lead to denial of service by disrupting critical services or privileged applications.
Severity: 5.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 00:15:00 GMT

read more

CVE-2025-30675 - Apache CloudStack Access Control Bypass Vulnerability

CVE ID : CVE-2025-30675
Published : June 11, 2025, 12:15 a.m. | 8 hours, 29 minutes ago
Description : In Apache CloudStack, a flaw in access control affects the listTemplates and listIsos APIs. A malicious Domain Admin or Resource Admin can exploit this issue by intentionally specifying the 'domainid' parameter along with the 'filter=self' or 'filter=selfexecutable' values. This allows the attacker to gain unauthorized visibility into templates and ISOs under the ROOT domain. A malicious admin can enumerate and extract metadata of templates and ISOs that belong to unrelated domains, violating isolation boundaries and potentially exposing sensitive or internal configuration details.  This vulnerability has been fixed by ensuring the domain resolution strictly adheres to the caller's scope rather than defaulting to the ROOT domain. Affected users are recommended to upgrade to Apache CloudStack 4.19.3.0 or 4.20.1.0.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 00:15:00 GMT

read more

CVE-2025-32717 - Microsoft Office Word Heap-based Buffer Overflow Vulnerability

CVE ID : CVE-2025-32717
Published : June 11, 2025, 12:15 a.m. | 8 hours, 29 minutes ago
Description : Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 00:15:00 GMT

read more

CVE-2024-8270 - Apple Rocket.Chat TCC Policy Bypass and DYLIB Injection Vulnerability

CVE ID : CVE-2024-8270
Published : June 11, 2025, 12:15 a.m. | 7 hours, 43 minutes ago
Description : The macOS Rocket.Chat application is affected by a vulnerability that allows bypassing Transparency, Consent, and Control (TCC) policies, enabling the exploitation or abuse of permissions specified in its entitlements (e.g., microphone, camera, automation, network client). Since Rocket.Chat was not signed with the Hardened Runtime nor set to enforce Library Validation, it is vulnerable to DYLIB injection attacks, which can lead to unauthorized actions or escalation of permissions. Consequently, an attacker gains capabilities that are not permitted by default under the Sandbox and its application profile.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 00:15:00 GMT

read more

CVE-2024-9062 - Apple Archify Local Privilege Escalation Vulnerability

CVE ID : CVE-2024-9062
Published : June 11, 2025, 12:15 a.m. | 7 hours, 43 minutes ago
Description : The Archify application contains a local privilege escalation vulnerability due to insufficient client validation in its privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. Archify follows the "factored applications" model, delegating privileged operations—such as arbitrary file deletion and file permission changes—to this helper running as root. However, the helper does not verify the code signature, entitlements, or signing flags of the connecting client. Although macOS provides secure validation mechanisms like auditToken, these are not implemented. As a result, any local process can establish a connection to the helper and invoke privileged functionality, leading to unauthorized execution of actions with root-level privileges.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 00:15:00 GMT

read more

CVE-2024-7457 - Apple ws.stash.app macOS Privilege Escalation Vulnerability

CVE ID : CVE-2024-7457
Published : June 11, 2025, 12:15 a.m. | 7 hours, 3 minutes ago
Description : The ws.stash.app.mac.daemon.helper tool contains a vulnerability caused by an incorrect use of macOS’s authorization model. Instead of validating the client's authorization reference, the helper invokes AuthorizationCopyRights() using its own privileged context (root), effectively authorizing itself rather than the client. As a result, it grants the system.preferences.admin right internally, regardless of the requesting client's privileges. This flawed logic allows unprivileged clients to invoke privileged operations via XPC, including unauthorized changes to system-wide network preferences such as SOCKS, HTTP, and HTTPS proxy settings. The absence of proper code-signing checks further enables arbitrary processes to exploit this flaw, leading to man-in-the-middle (MITM) attacks through traffic redirection.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 11 Jun 2025 00:15:00 GMT

read more

CVE-2025-5985 - Code-projects School Fees Payment System Remote Authentication Bypass Vulnerability

CVE ID : CVE-2025-5985
Published : June 10, 2025, 11:15 p.m. | 8 hours, 3 minutes ago
Description : A vulnerability was found in code-projects School Fees Payment System 1.0 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to improper authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 23:15:00 GMT

read more

CVE-2025-47713 - Apache CloudStack Domain Admin Privilege Escalation Vulnerability

CVE ID : CVE-2025-47713
Published : June 10, 2025, 11:15 p.m. | 4 hours, 34 minutes ago
Description : A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can reset the password of user-accounts of Admin role type. This operation is not appropriately restricted and allows the attacker to assume control over higher-privileged user-accounts. A malicious Domain Admin attacker can impersonate an Admin user-account and gain access to sensitive APIs and resources that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of infrastructure managed by CloudStack. Users are recommended to upgrade to Apache CloudStack 4.19.3.0 or 4.20.1.0, which fixes the issue with the following: * Strict validation on Role Type hierarchy: the caller's user-account role must be equal to or higher than the target user-account's role. * API privilege comparison: the caller must possess all privileges of the user they are operating on. * Two new domain-level settings (restricted to the default Admin):  - role.types.allowed.for.operations.on.accounts.of.same.role.type: Defines which role types are allowed to act on users of the same role type. Default: "Admin, DomainAdmin, ResourceAdmin".    - allow.operations.on.users.in.same.account: Allows/disallows user operations within the same account. Default: true.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 23:15:00 GMT

read more

CVE-2025-47849 - Apache CloudStack Domain Admin Privilege Escalation Vulnerability

CVE ID : CVE-2025-47849
Published : June 10, 2025, 11:15 p.m. | 4 hours, 34 minutes ago
Description : A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can get the API key and secret key of user-accounts of Admin role type in the same domain. This operation is not appropriately restricted and allows the attacker to assume control over higher-privileged user-accounts. A malicious Domain Admin attacker can impersonate an Admin user-account and gain access to sensitive APIs and resources that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of infrastructure managed by CloudStack. Users are recommended to upgrade to Apache CloudStack 4.19.3.0 or 4.20.1.0, which fixes the issue with the following: * Strict validation on Role Type hierarchy: the caller's role must be equal to or higher than the target user's role.  * API privilege comparison: the caller must possess all privileges of the user they are operating on.  * Two new domain-level settings (restricted to the default admin):   - role.types.allowed.for.operations.on.accounts.of.same.role.type: Defines which role types are allowed to act on users of the same role type. Default: "Admin, DomainAdmin, ResourceAdmin".   - allow.operations.on.users.in.same.account: Allows/disallows user operations within the same account. Default: true.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 23:15:00 GMT

read more

CVE-2025-5984 - SourceCodester Online Student Clearance System Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5984
Published : June 10, 2025, 11:15 p.m. | 4 hours, 34 minutes ago
Description : A vulnerability has been found in SourceCodester Online Student Clearance System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Admin/add-fee.php. The manipulation of the argument txtamt leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 23:15:00 GMT

read more

CVE-2025-47092 - Adobe Experience Manager Stored XSS

CVE ID : CVE-2025-47092
Published : June 10, 2025, 11:15 p.m. | 3 hours, 14 minutes ago
Description : Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 23:15:00 GMT

read more

CVE-2025-47093 - Adobe Experience Manager Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-47093
Published : June 10, 2025, 11:15 p.m. | 3 hours, 14 minutes ago
Description : Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 23:15:00 GMT

read more

CVE-2025-47094 - Adobe Experience Manager Reflected Cross-Site Scripting (XSS)

CVE ID : CVE-2025-47094
Published : June 10, 2025, 11:15 p.m. | 3 hours, 14 minutes ago
Description : Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 23:15:00 GMT

read more

CVE-2025-47095 - Adobe Experience Manager Open Redirect

CVE ID : CVE-2025-47095
Published : June 10, 2025, 11:15 p.m. | 3 hours, 14 minutes ago
Description : Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority and does not represent a valid vulnerability.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 23:15:00 GMT

read more

CVE-2025-47096 - Adobe Experience Manager Arbitrary Code Execution Vulnerability

CVE ID : CVE-2025-47096
Published : June 10, 2025, 11:15 p.m. | 3 hours, 14 minutes ago
Description : Adobe Experience Manager versions 6.5.22 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Low privileges are required.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 23:15:00 GMT

read more

CVE-2025-47102 - Adobe Experience Manager DOM-based Cross-Site Scripting (XSS)

CVE ID : CVE-2025-47102
Published : June 10, 2025, 11:15 p.m. | 3 hours, 14 minutes ago
Description : Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority and does not represent a valid vulnerability.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 23:15:00 GMT

read more

CVE-2025-47113 - Adobe Experience Manager Stored Cross-Site Scripting (XSS)

CVE ID : CVE-2025-47113
Published : June 10, 2025, 11:15 p.m. | 3 hours, 14 minutes ago
Description : Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 23:15:00 GMT

read more

CVE-2025-47114 - Adobe Experience Manager Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-47114
Published : June 10, 2025, 11:15 p.m. | 3 hours, 14 minutes ago
Description : Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 23:15:00 GMT

read more

CVE-2025-47115 - Adobe Experience Manager Stored Cross-Site Scripting (XSS)

CVE ID : CVE-2025-47115
Published : June 10, 2025, 11:15 p.m. | 3 hours, 14 minutes ago
Description : Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 23:15:00 GMT

read more

CVE-2025-47116 - Adobe Experience Manager Stored XSS Vulnerability

CVE ID : CVE-2025-47116
Published : June 10, 2025, 11:15 p.m. | 3 hours, 14 minutes ago
Description : Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 23:15:00 GMT

read more

CVE-2025-47117 - Adobe Experience Manager Stored XSS Vulnerability

CVE ID : CVE-2025-47117
Published : June 10, 2025, 11:15 p.m. | 3 hours, 14 minutes ago
Description : Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 23:15:00 GMT

read more

CVE-2025-47088 - Adobe Experience Manager Stored XSS

CVE ID : CVE-2025-47088
Published : June 10, 2025, 11:15 p.m. | 2 hours, 3 minutes ago
Description : Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 23:15:00 GMT

read more

CVE-2025-47089 - Adobe Experience Manager Stored Cross-Site Scripting (XSS)

CVE ID : CVE-2025-47089
Published : June 10, 2025, 11:15 p.m. | 2 hours, 3 minutes ago
Description : Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 23:15:00 GMT

read more

CVE-2025-47090 - Adobe Experience Manager Stored XSS

CVE ID : CVE-2025-47090
Published : June 10, 2025, 11:15 p.m. | 2 hours, 3 minutes ago
Description : Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 23:15:00 GMT

read more

CVE-2025-47091 - Adobe Experience Manager Stored XSS Vulnerability

CVE ID : CVE-2025-47091
Published : June 10, 2025, 11:15 p.m. | 2 hours, 3 minutes ago
Description : Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 23:15:00 GMT

read more

CVE-2025-35940 - ArchiverSpaApi JWT Signing Key Hard-Coded Vulnerability

CVE ID : CVE-2025-35940
Published : June 10, 2025, 9:15 p.m. | 1 hour, 28 minutes ago
Description : The ArchiverSpaApi ASP.NET application uses a hard-coded JWT signing key. An unauthenticated remote attacker can generate and use a verifiable JWT token to access protected ArchiverSpaApi URL endpoints.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 21:15:00 GMT

read more

CVE-2025-5978 - Tenda FH1202 Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-5978
Published : June 10, 2025, 9:15 p.m. | 1 hour, 28 minutes ago
Description : A vulnerability was found in Tenda FH1202 1.2.0.14. It has been classified as critical. Affected is the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 21:15:00 GMT

read more

CVE-2025-5979 - Code-projects School Fees Payment System SQL Injection Vulnerability

CVE ID : CVE-2025-5979
Published : June 10, 2025, 9:15 p.m. | 1 hour, 28 minutes ago
Description : A vulnerability classified as critical has been found in code-projects School Fees Payment System 1.0. This affects an unknown part of the file /branch.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 21:15:00 GMT

read more

CVE-2025-5980 - Code-projects Restaurant Order System SQL Injection Vulnerability

CVE ID : CVE-2025-5980
Published : June 10, 2025, 9:15 p.m. | 1 hour, 28 minutes ago
Description : A vulnerability classified as critical was found in code-projects Restaurant Order System 1.0. This vulnerability affects unknown code of the file /order.php. The manipulation of the argument tabidNoti leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 21:15:00 GMT

read more

CVE-2024-41502 - Jetimob Plataforma Imobiliaria XSS in Observaces Field

CVE ID : CVE-2024-41502
Published : June 10, 2025, 8:15 p.m. | 2 hours, 29 minutes ago
Description : Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) via the form field "Observaces" (observances) in the "Pessoas" (persons) section when creating or editing either a legal or a natural person.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 20:15:00 GMT

read more

CVE-2024-41503 - Jetimob Plataforma Imobiliaria Cross-Site Scripting (XSS)

CVE ID : CVE-2024-41503
Published : June 10, 2025, 8:15 p.m. | 2 hours, 29 minutes ago
Description : Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) in the field "Ttulo" (title) inside the filter Save option in the "Busca" (search) function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 20:15:00 GMT

read more

CVE-2024-41504 - Jetimob Plataforma Imobiliaria Cross Site Scripting (XSS)

CVE ID : CVE-2024-41504
Published : June 10, 2025, 8:15 p.m. | 2 hours, 29 minutes ago
Description : Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS). In the "Oportunidades" (opportunities) section of the application when creating or editing an "Atividade" (activity), the form field "Descrico" allows injection of JavaScript.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 20:15:00 GMT

read more

CVE-2024-41505 - Jetimob Plataforma Imobiliaria XSS in Pessoas Profisso Field

CVE ID : CVE-2024-41505
Published : June 10, 2025, 8:15 p.m. | 2 hours, 29 minutes ago
Description : Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) in the "Pessoas" (persons) section via the field "Profisso" (professor).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 20:15:00 GMT

read more

CVE-2025-36852 - Amazon S3/Google Cloud Storage Remote Cache Artifact Injection Vulnerability

CVE ID : CVE-2025-36852
Published : June 10, 2025, 8:15 p.m. | 2 hours, 28 minutes ago
Description : A critical security vulnerability exists in remote cache extensions for common build systems utilizing bucket-based remote cache (such as those using Amazon S3, Google Cloud Storage, or similar object storage) that allows any contributor with pull request privileges to inject compromised artifacts from an untrusted environment into trusted production environments without detection.  The vulnerability exploits a fundamental design flaw in the "first-to-cache wins" principle, where artifacts built in untrusted environments (feature branches, pull requests) can poison the cache used by trusted environments (protected branches, production deployments).  This attack bypasses all traditional security measures including encryption, access controls, and checksum validation because the poisoning occurs during the artifact construction phase, before any security measures are applied.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 20:15:00 GMT

read more

CVE-2025-3052 - Microsoft UEFI Firmware Arbitrary Write Vulnerability

CVE ID : CVE-2025-3052
Published : June 10, 2025, 8:15 p.m. | 2 hours, 28 minutes ago
Description : An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software. This allows an attacker to control its value, leading to arbitrary memory writes, including modification of critical firmware settings stored in NVRAM. Exploiting this vulnerability could enable security bypasses, persistence mechanisms, or full system compromise.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 20:15:00 GMT

read more

CVE-2025-49133 - Libtpms TPM 2.0 OOB Read Vulnerability

CVE ID : CVE-2025-49133
Published : June 10, 2025, 8:15 p.m. | 2 hours, 28 minutes ago
Description : Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu. Libtpms, which is derived from the TPM 2.0 reference implementation code published by the Trusted Computing Group, is prone to a potential out of bounds (OOB) read vulnerability. The vulnerability occurs in the ‘CryptHmacSign’ function with an inconsistent pairing of the signKey and signScheme parameters, where the signKey is ALG_KEYEDHASH key and inScheme is an ECC or RSA scheme. The reported vulnerability is in the ‘CryptHmacSign’ function, which is defined in the "Part 4: Supporting Routines – Code" document, section "7.151 - /tpm/src/crypt/CryptUtil.c ". This vulnerability can be triggered from user-mode applications by sending malicious commands to a TPM 2.0/vTPM (swtpm) whose firmware is based on an affected TCG reference implementation. The effect on libtpms is that it will cause an abort due to the detection of the out-of-bounds access, thus for example making a vTPM (swtpm) unavailable to a VM. This vulnerability is fixed in 0.7.12, 0.8.10, 0.9.7, and 0.10.1.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 20:15:00 GMT

read more

CVE-2025-5974 - PHPGurukul Restaurant Table Booking System Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5974
Published : June 10, 2025, 8:15 p.m. | 2 hours, 28 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in PHPGurukul Restaurant Table Booking System 1.0. Affected by this issue is some unknown functionality of the file /check-status.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 20:15:00 GMT

read more

CVE-2025-5975 - PHPGurukul Rail Pass Management System Cross Site Scripting Vulnerability

CVE ID : CVE-2025-5975
Published : June 10, 2025, 8:15 p.m. | 2 hours, 28 minutes ago
Description : A vulnerability, which was classified as problematic, was found in PHPGurukul Rail Pass Management System 1.0. This affects an unknown part of the file /rpms/download-pass.php. The manipulation of the argument searchdata leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 20:15:00 GMT

read more

CVE-2025-5976 - PHPGurukul Rail Pass Management System Cross Site Scripting Vulnerability

CVE ID : CVE-2025-5976
Published : June 10, 2025, 8:15 p.m. | 2 hours, 28 minutes ago
Description : A vulnerability has been found in PHPGurukul Rail Pass Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/add-pass.php. The manipulation of the argument fullname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 20:15:00 GMT

read more

CVE-2025-5977 - Code-projects School Fees Payment System SQL Injection Vulnerability

CVE ID : CVE-2025-5977
Published : June 10, 2025, 8:15 p.m. | 2 hours, 28 minutes ago
Description : A vulnerability was found in code-projects School Fees Payment System 1.0 and classified as critical. This issue affects some unknown processing of the file /datatable.php. The manipulation of the argument sSortDir_0 leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 20:15:00 GMT

read more

CVE-2025-43575 - Adobe Acrobat Reader Out-of-Bounds Write Arbitrary Code Execution Vulnerability

CVE ID : CVE-2025-43575
Published : June 10, 2025, 7:15 p.m. | 3 hours, 28 minutes ago
Description : Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 19:15:00 GMT

read more

CVE-2025-43576 - Adobe Acrobat Reader Use After Free Vulnerability

CVE ID : CVE-2025-43576
Published : June 10, 2025, 7:15 p.m. | 3 hours, 28 minutes ago
Description : Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 19:15:00 GMT

read more

CVE-2025-43577 - Adobe Acrobat Reader Use After Free Vulnerability

CVE ID : CVE-2025-43577
Published : June 10, 2025, 7:15 p.m. | 3 hours, 28 minutes ago
Description : Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 19:15:00 GMT

read more

CVE-2025-43578 - Adobe Acrobat Reader Out-of-Bounds Read Vulnerability

CVE ID : CVE-2025-43578
Published : June 10, 2025, 7:15 p.m. | 3 hours, 28 minutes ago
Description : Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 19:15:00 GMT

read more

CVE-2025-43579 - Adobe Acrobat Reader Information Exposure Security Feature Bypass

CVE ID : CVE-2025-43579
Published : June 10, 2025, 7:15 p.m. | 3 hours, 28 minutes ago
Description : Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an Information Exposure vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain unauthorized access to sensitive information. Exploitation of this issue does not require user interaction.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 19:15:00 GMT

read more

CVE-2025-47107 - Adobe InCopy Heap Buffer Overflow Vulnerability

CVE ID : CVE-2025-47107
Published : June 10, 2025, 7:15 p.m. | 3 hours, 28 minutes ago
Description : InCopy versions 20.2, 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 19:15:00 GMT

read more

CVE-2025-47111 - Adobe Acrobat Reader NULL Pointer Dereference Denial of Service Vulnerability

CVE ID : CVE-2025-47111
Published : June 10, 2025, 7:15 p.m. | 3 hours, 28 minutes ago
Description : Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 19:15:00 GMT

read more

CVE-2025-47112 - Adobe Acrobat Reader Out-of-Bounds Read

CVE ID : CVE-2025-47112
Published : June 10, 2025, 7:15 p.m. | 3 hours, 28 minutes ago
Description : Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 19:15:00 GMT

read more

CVE-2025-5972 - PHPGurukul Restaurant Table Booking System Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5972
Published : June 10, 2025, 7:15 p.m. | 3 hours, 28 minutes ago
Description : A vulnerability classified as problematic has been found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file /admin/manage-subadmins.php. The manipulation of the argument fullname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 19:15:00 GMT

read more

CVE-2025-5973 - PHPGurukul Restaurant Table Booking System Cross Site Scripting Vulnerability

CVE ID : CVE-2025-5973
Published : June 10, 2025, 7:15 p.m. | 3 hours, 28 minutes ago
Description : A vulnerability classified as problematic was found in PHPGurukul Restaurant Table Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add-table.php. The manipulation of the argument tableno leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 19:15:00 GMT

read more

CVE-2025-30327 - Adobe InCopy Integer Overflow Arbitrary Code Execution Vulnerability

CVE ID : CVE-2025-30327
Published : June 10, 2025, 7:15 p.m. | 2 hours, 3 minutes ago
Description : InCopy versions 20.2, 19.5.3 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 19:15:00 GMT

read more

CVE-2025-43550 - Adobe Acrobat Reader Use After Free Vulnerability

CVE ID : CVE-2025-43550
Published : June 10, 2025, 7:15 p.m. | 2 hours, 3 minutes ago
Description : Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 19:15:00 GMT

read more

CVE-2025-43573 - Adobe Acrobat Reader Use After Free Arbitrary Code Execution Vulnerability

CVE ID : CVE-2025-43573
Published : June 10, 2025, 7:15 p.m. | 2 hours, 3 minutes ago
Description : Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 19:15:00 GMT

read more

CVE-2025-43574 - Adobe Acrobat Reader Use After Free Vulnerability

CVE ID : CVE-2025-43574
Published : June 10, 2025, 7:15 p.m. | 2 hours, 3 minutes ago
Description : Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 19:15:00 GMT

read more

CVE-2025-2884 - TPM2.0 Reference Implementation Cryptographic HMAC Sign Vulnerability

CVE ID : CVE-2025-2884
Published : June 10, 2025, 6:15 p.m. | 2 hours, 12 minutes ago
Description : TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm. See Errata 1.83 of TCG standard TPM2.0
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 18:15:00 GMT

read more

CVE-2025-36574 - Dell Wyse Management Suite Absolute Path Traversal Vulnerability

CVE ID : CVE-2025-36574
Published : June 10, 2025, 6:15 p.m. | 2 hours, 12 minutes ago
Description : Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Absolute Path Traversal vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure and Unauthorized access.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 18:15:00 GMT

read more

CVE-2025-36575 - Dell Wyse Management Suite Exposes Sensitive Information Through Data Queries

CVE ID : CVE-2025-36575
Published : June 10, 2025, 6:15 p.m. | 2 hours, 12 minutes ago
Description : Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Exposure of Sensitive Information Through Data Queries vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 18:15:00 GMT

read more

CVE-2025-36576 - Dell Wyse Management Suite CSRF Vulnerability

CVE ID : CVE-2025-36576
Published : June 10, 2025, 6:15 p.m. | 2 hours, 12 minutes ago
Description : Dell Wyse Management Suite, versions prior to WMS 5.2, contain a Cross-Site Request Forgery (CSRF) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 18:15:00 GMT

read more

CVE-2025-36577 - Dell Wyse Management Suite Cross-site Scripting Vulnerability

CVE ID : CVE-2025-36577
Published : June 10, 2025, 6:15 p.m. | 2 hours, 12 minutes ago
Description : Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 18:15:00 GMT

read more

CVE-2025-36578 - Dell Wyse Management Suite Incorrect Authorization Vulnerability

CVE ID : CVE-2025-36578
Published : June 10, 2025, 6:15 p.m. | 2 hours, 12 minutes ago
Description : Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Incorrect Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 18:15:00 GMT

read more

CVE-2025-36580 - Dell Wyse Management Suite Cross-site Scripting Vulnerability

CVE ID : CVE-2025-36580
Published : June 10, 2025, 6:15 p.m. | 2 hours, 12 minutes ago
Description : Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 18:15:00 GMT

read more

CVE-2025-43581 - Substance3D Sampler Out-of-Bounds Write Arbitrary Code Execution Vulnerability

CVE ID : CVE-2025-43581
Published : June 10, 2025, 6:15 p.m. | 2 hours, 12 minutes ago
Description : Substance3D - Sampler versions 5.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 18:15:00 GMT

read more

CVE-2025-43588 - Substance3D Sampler Out-of-Bounds Write Vulnerability

CVE ID : CVE-2025-43588
Published : June 10, 2025, 6:15 p.m. | 2 hours, 12 minutes ago
Description : Substance3D - Sampler versions 5.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 18:15:00 GMT

read more

CVE-2025-5943 - MicroDicom DICOM Viewer Out-of-Bounds Write Remote Code Execution Vulnerability

CVE ID : CVE-2025-5943
Published : June 10, 2025, 6:15 p.m. | 2 hours, 12 minutes ago
Description : MicroDicom DICOM Viewer suffers from an out-of-bounds write vulnerability. Remote attackers are able to exploit this issue to potentially execute arbitrary code on affected installations of DICOM Viewer. User interaction is required to exploit the vulnerability in that the user must either visit a malicious website or open a malicious DICOM file locally.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 18:15:00 GMT

read more

CVE-2025-5971 - Apache Code-projects School Fees Payment System SQL Injection Vulnerability

CVE ID : CVE-2025-5971
Published : June 10, 2025, 6:15 p.m. | 2 hours, 12 minutes ago
Description : A vulnerability was found in code-projects School Fees Payment System 1.0. It has been classified as critical. This affects an unknown part of the file /ajx.php. The manipulation of the argument name_startsWith leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 18:15:00 GMT

read more

CVE-2024-37394 - REDCap Stored XSS Vulnerability

CVE ID : CVE-2024-37394
Published : June 10, 2025, 6:15 p.m. | 1 hour, 3 minutes ago
Description : A stored cross-site scripting (XSS) vulnerability in the Project Dashboards of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Dashboard title' and 'Dashboard content' text boxes. This can lead to the execution of malicious scripts when the dashboard is viewed. Users are recommended to update to version 14.2.1 or later to mitigate this vulnerability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 18:15:00 GMT

read more

CVE-2024-37395 - REDCap Stored Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2024-37395
Published : June 10, 2025, 6:15 p.m. | 1 hour, 3 minutes ago
Description : A stored cross-site scripting (XSS) vulnerability in the Public Survey function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Survey Title' and 'Survey Instructions' fields. This vulnerability could be exploited by attackers to execute malicious scripts when the survey is accessed through its public link. It is advised to update to version 14.2.1 or later to fix this issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 18:15:00 GMT

read more

CVE-2024-37396 - REDCap Calendar XSS

CVE ID : CVE-2024-37396
Published : June 10, 2025, 6:15 p.m. | 1 hour, 3 minutes ago
Description : A stored cross-site scripting (XSS) vulnerability in the Calendar function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Notes' field of a calendar event. This could lead to the execution of malicious scripts when the event is viewed. Updating to version 14.2.1 or later is recommended to remediate this vulnerability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 18:15:00 GMT

read more

CVE-2025-0051 - NetApp FlashArray Authentication Denial of Service

CVE ID : CVE-2025-0051
Published : June 10, 2025, 6:15 p.m. | 1 hour, 3 minutes ago
Description : Improper input validation performed during the authentication process of FlashArray could lead to a system Denial of Service.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 18:15:00 GMT

read more

CVE-2025-0052 - NetApp FlashBlade Authentication Denial of Service

CVE ID : CVE-2025-0052
Published : June 10, 2025, 6:15 p.m. | 1 hour, 3 minutes ago
Description : Improper input validation performed during the authentication process of FlashBlade could lead to a system Denial of Service.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 18:15:00 GMT

read more

CVE-2025-2474 - QNX SDP PCX Image Codec Out-of-Bounds Write Denial-of-Service/Execution of Arbitrary Code

CVE ID : CVE-2025-2474
Published : June 10, 2025, 6:15 p.m. | 1 hour, 3 minutes ago
Description : Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 18:15:00 GMT

read more

CVE-2025-5969 - D-Link DIR-632 HTTP POST Request Handler Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-5969
Published : June 10, 2025, 5:25 p.m. | 1 hour, 53 minutes ago
Description : A vulnerability has been found in D-Link DIR-632 FW103B08 and classified as critical. Affected by this vulnerability is the function FUN_00425fd8 of the file /biurl_grou of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 17:25:00 GMT

read more

CVE-2025-5970 - PHPGurukul Restaurant Table Booking System Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5970
Published : June 10, 2025, 5:25 p.m. | 1 hour, 53 minutes ago
Description : A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/add-subadmin.php. The manipulation of the argument fullname leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 17:25:00 GMT

read more

CVE-2025-47956 - Windows Security App Path Traversal Vulnerability

CVE ID : CVE-2025-47956
Published : June 10, 2025, 5:24 p.m. | 1 hour, 54 minutes ago
Description : External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 17:24:00 GMT

read more

CVE-2025-47957 - Microsoft Office Word Use-After-Free Remote Code Execution Vulnerability

CVE ID : CVE-2025-47957
Published : June 10, 2025, 5:24 p.m. | 1 hour, 54 minutes ago
Description : Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 17:24:00 GMT

read more

CVE-2025-47962 - Windows SDK Privilege Escalation Vulnerability

CVE ID : CVE-2025-47962
Published : June 10, 2025, 5:24 p.m. | 1 hour, 54 minutes ago
Description : Improper access control in Windows SDK allows an authorized attacker to elevate privileges locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 17:24:00 GMT

read more

CVE-2025-47968 - Microsoft AutoUpdate Privilege Escalation Vulnerability

CVE ID : CVE-2025-47968
Published : June 10, 2025, 5:24 p.m. | 1 hour, 54 minutes ago
Description : Improper input validation in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 17:24:00 GMT

read more

CVE-2025-47969 - Windows Hello Information Exposure Vulnerability

CVE ID : CVE-2025-47969
Published : June 10, 2025, 5:24 p.m. | 1 hour, 54 minutes ago
Description : Exposure of sensitive information to an unauthorized actor in Windows Hello allows an authorized attacker to disclose information locally.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 17:24:00 GMT

read more

CVE-2025-47977 - Nuance Digital Engagement Platform Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-47977
Published : June 10, 2025, 5:24 p.m. | 1 hour, 54 minutes ago
Description : Improper neutralization of input during web page generation ('cross-site scripting') in Nuance Digital Engagement Platform allows an authorized attacker to perform spoofing over a network.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 17:24:00 GMT

read more

CVE-2025-47953 - Microsoft Office Use After Free Remote Code Execution Vulnerability

CVE ID : CVE-2025-47953
Published : June 10, 2025, 5:24 p.m. | 1 hour, 3 minutes ago
Description : Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 17:24:00 GMT

read more

CVE-2025-47955 - Microsoft Windows Remote Access Connection Manager Privilege Escalation Vulnerability

CVE ID : CVE-2025-47955
Published : June 10, 2025, 5:24 p.m. | 1 hour, 3 minutes ago
Description : Improper privilege management in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 17:24:00 GMT

read more

CVE-2025-47162 - Microsoft Office Heap-based Buffer Overflow Vulnerability

CVE ID : CVE-2025-47162
Published : June 10, 2025, 5:23 p.m. | 1 hour, 3 minutes ago
Description : Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 17:23:00 GMT

read more

CVE-2025-47163 - Microsoft Office SharePoint Remote Code Execution Vulnerability

CVE ID : CVE-2025-47163
Published : June 10, 2025, 5:23 p.m. | 1 hour, 3 minutes ago
Description : Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 17:23:00 GMT

read more

CVE-2025-47164 - Microsoft Office Use After Free Remote Code Execution Vulnerability

CVE ID : CVE-2025-47164
Published : June 10, 2025, 5:23 p.m. | 1 hour, 3 minutes ago
Description : Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 17:23:00 GMT

read more

CVE-2025-47165 - Microsoft Office Excel Use-After-Free Vulnerability Allows Local Code Execution

CVE ID : CVE-2025-47165
Published : June 10, 2025, 5:23 p.m. | 1 hour, 3 minutes ago
Description : Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 17:23:00 GMT

read more

CVE-2025-47166 - Microsoft Office SharePoint Remote Code Execution

CVE ID : CVE-2025-47166
Published : June 10, 2025, 5:23 p.m. | 1 hour, 3 minutes ago
Description : Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 17:23:00 GMT

read more

CVE-2025-47167 - Microsoft Office Type Confusion Code Execution

CVE ID : CVE-2025-47167
Published : June 10, 2025, 5:23 p.m. | 1 hour, 3 minutes ago
Description : Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 17:23:00 GMT

read more

CVE-2025-47168 - Microsoft Office Word Use-After-Free Remote Code Execution Vulnerability

CVE ID : CVE-2025-47168
Published : June 10, 2025, 5:23 p.m. | 1 hour, 3 minutes ago
Description : Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 17:23:00 GMT

read more

CVE-2025-47169 - Microsoft Office Word Heap Buffer Overflow (Code Execution)

CVE ID : CVE-2025-47169
Published : June 10, 2025, 5:23 p.m. | 1 hour, 3 minutes ago
Description : Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 17:23:00 GMT

read more

CVE-2025-47170 - Microsoft Office Word Use After Free Code Execution Vulnerability

CVE ID : CVE-2025-47170
Published : June 10, 2025, 5:23 p.m. | 1 hour, 3 minutes ago
Description : Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 17:23:00 GMT

read more

CVE-2025-47171 - Microsoft Office Outlook Remote Code Execution Vulnerability

CVE ID : CVE-2025-47171
Published : June 10, 2025, 5:23 p.m. | 1 hour, 3 minutes ago
Description : Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 17:23:00 GMT

read more

CVE-2025-47172 - Microsoft Office SharePoint SQL Injection

CVE ID : CVE-2025-47172
Published : June 10, 2025, 5:23 p.m. | 1 hour, 3 minutes ago
Description : Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 17:23:00 GMT

read more

CVE-2025-47173 - Microsoft Office Code Execution Vulnerability

CVE ID : CVE-2025-47173
Published : June 10, 2025, 5:23 p.m. | 1 hour, 3 minutes ago
Description : Improper input validation in Microsoft Office allows an unauthorized attacker to execute code locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 17:23:00 GMT

read more

CVE-2025-47174 - Microsoft Office Excel Heap-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-47174
Published : June 10, 2025, 5:23 p.m. | 1 hour, 3 minutes ago
Description : Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 17:23:00 GMT

read more

CVE-2025-47175 - Microsoft Office PowerPoint Use After Free Remote Code Execution Vulnerability

CVE ID : CVE-2025-47175
Published : June 10, 2025, 5:23 p.m. | 1 hour, 3 minutes ago
Description : Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 17:23:00 GMT

read more

CVE-2025-47176 - Microsoft Office Outlook Code Execution Vulnerability

CVE ID : CVE-2025-47176
Published : June 10, 2025, 5:23 p.m. | 1 hour, 3 minutes ago
Description : '.../...//' in Microsoft Office Outlook allows an authorized attacker to execute code locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 17:23:00 GMT

read more

CVE-2024-41797 - Siemens SCALANCE and RUGGEDCOM Authentication Bypass Vulnerability

CVE ID : CVE-2024-41797
Published : June 10, 2025, 4:15 p.m. | 1 hour, 3 minutes ago
Description : A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.1), SCALANCE XC316-8 (6GK5324-8TS00-2AC2) (All versions < V3.1), SCALANCE XC324-4 (6GK5328-4TS00-2AC2) (All versions < V3.1), SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2) (All versions < V3.1), SCALANCE XC332 (6GK5332-0GA00-2AC2) (All versions < V3.1), SCALANCE XC416-8 (6GK5424-8TR00-2AC2) (All versions < V3.1), SCALANCE XC424-4 (6GK5428-4TR00-2AC2) (All versions < V3.1), SCALANCE XC432 (6GK5432-0GR00-2AC2) (All versions < V3.1), SCALANCE XCH328 (6GK5328-4TS01-2EC2) (All versions < V3.1), SCALANCE XCM324 (6GK5324-8TS01-2AC2) (All versions < V3.1), SCALANCE XCM328 (6GK5328-4TS01-2AC2) (All versions < V3.1), SCALANCE XCM332 (6GK5332-0GA01-2AC2) (All versions < V3.1), SCALANCE XR302-32 (6GK5334-5TS00-2AR3) (All versions < V3.1), SCALANCE XR302-32 (6GK5334-5TS00-3AR3) (All versions < V3.1), SCALANCE XR302-32 (6GK5334-5TS00-4AR3) (All versions < V3.1), SCALANCE XR322-12 (6GK5334-3TS00-2AR3) (All versions < V3.1), SCALANCE XR322-12 (6GK5334-3TS00-3AR3) (All versions < V3.1), SCALANCE XR322-12 (6GK5334-3TS00-4AR3) (All versions < V3.1), SCALANCE XR326-8 (6GK5334-2TS00-2AR3) (All versions < V3.1), SCALANCE XR326-8 (6GK5334-2TS00-3AR3) (All versions < V3.1), SCALANCE XR326-8 (6GK5334-2TS00-4AR3) (All versions < V3.1), SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3) (All versions < V3.1), SCALANCE XR502-32 (6GK5534-5TR00-2AR3) (All versions < V3.1), SCALANCE XR502-32 (6GK5534-5TR00-3AR3) (All versions < V3.1), SCALANCE XR502-32 (6GK5534-5TR00-4AR3) (All versions < V3.1), SCALANCE XR522-12 (6GK5534-3TR00-2AR3) (All versions < V3.1), SCALANCE XR522-12 (6GK5534-3TR00-3AR3) (All versions < V3.1), SCALANCE XR522-12 (6GK5534-3TR00-4AR3) (All versions < V3.1), SCALANCE XR526-8 (6GK5534-2TR00-2AR3) (All versions < V3.1), SCALANCE XR526-8 (6GK5534-2TR00-3AR3) (All versions < V3.1), SCALANCE XR526-8 (6GK5534-2TR00-4AR3) (All versions < V3.1), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) (All versions < V3.1), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) (All versions < V3.1), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) (All versions < V3.1), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3) (All versions < V3.1), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) (All versions < V3.1), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) (All versions < V3.1), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3) (All versions < V3.1), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) (All versions < V3.1), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) (All versions < V3.1), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3) (All versions < V3.1). Affected devices contain an incorrect authorization check vulnerability. This could allow an authenticated remote attacker with "guest" role to invoke an internal "do system" command which exceeds their privileges. This command allows the execution of certain low-risk actions, the most critical of which is clearing the local system log.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 16:15:00 GMT

read more

CVE-2025-27206 - Adobe Commerce Improper Access Control Security Feature Bypass

CVE ID : CVE-2025-27206
Published : June 10, 2025, 4:15 p.m. | 1 hour, 3 minutes ago
Description : Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited write access. Exploitation of this issue does not require user interaction.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 16:15:00 GMT

read more

CVE-2025-27207 - Adobe Commerce Improper Access Control Vulnerability

CVE ID : CVE-2025-27207
Published : June 10, 2025, 4:15 p.m. | 1 hour, 3 minutes ago
Description : Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 16:15:00 GMT

read more

CVE-2025-30220 - GeoServer XML External Entity (XXE) Injection

CVE ID : CVE-2025-30220
Published : June 10, 2025, 4:15 p.m. | 1 hour, 3 minutes ago
Description : GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity (XXE) exploit. This impacts whoever exposes XML processing with gt-xsd-core involved in parsing, when the documents carry a reference to an external XML schema. The gt-xsd-core Schemas class is not using the EntityResolver provided by the ParserHandler (if any was configured). This also impacts users of gt-wfs-ng DataStore where the ENTITY_RESOLVER connection parameter was not being used as intended. This vulnerability is fixed in GeoTools 33.1, 32.3, 31.7, and 28.6.1, GeoServer 2.27.1, 2.26.3, and 2.25.7, and GeoNetwork 4.4.8 and 4.2.13.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 16:15:00 GMT

read more

CVE-2025-40567 - Siemens SCALANCE Web Interface Load Rollback Authorization Vulnerability

CVE ID : CVE-2025-40567
Published : June 10, 2025, 4:15 p.m. | 1 hour, 3 minutes ago
Description : A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.2), SCALANCE XC316-8 (6GK5324-8TS00-2AC2) (All versions < V3.2), SCALANCE XC324-4 (6GK5328-4TS00-2AC2) (All versions < V3.2), SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2) (All versions < V3.2), SCALANCE XC332 (6GK5332-0GA00-2AC2) (All versions < V3.2), SCALANCE XC416-8 (6GK5424-8TR00-2AC2) (All versions < V3.2), SCALANCE XC424-4 (6GK5428-4TR00-2AC2) (All versions < V3.2), SCALANCE XC432 (6GK5432-0GR00-2AC2) (All versions < V3.2), SCALANCE XCH328 (6GK5328-4TS01-2EC2) (All versions < V3.2), SCALANCE XCM324 (6GK5324-8TS01-2AC2) (All versions < V3.2), SCALANCE XCM328 (6GK5328-4TS01-2AC2) (All versions < V3.2), SCALANCE XCM332 (6GK5332-0GA01-2AC2) (All versions < V3.2), SCALANCE XR302-32 (6GK5334-5TS00-2AR3) (All versions < V3.2), SCALANCE XR302-32 (6GK5334-5TS00-3AR3) (All versions < V3.2), SCALANCE XR302-32 (6GK5334-5TS00-4AR3) (All versions < V3.2), SCALANCE XR322-12 (6GK5334-3TS00-2AR3) (All versions < V3.2), SCALANCE XR322-12 (6GK5334-3TS00-3AR3) (All versions < V3.2), SCALANCE XR322-12 (6GK5334-3TS00-4AR3) (All versions < V3.2), SCALANCE XR326-8 (6GK5334-2TS00-2AR3) (All versions < V3.2), SCALANCE XR326-8 (6GK5334-2TS00-3AR3) (All versions < V3.2), SCALANCE XR326-8 (6GK5334-2TS00-4AR3) (All versions < V3.2), SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3) (All versions < V3.2), SCALANCE XR502-32 (6GK5534-5TR00-2AR3) (All versions < V3.2), SCALANCE XR502-32 (6GK5534-5TR00-3AR3) (All versions < V3.2), SCALANCE XR502-32 (6GK5534-5TR00-4AR3) (All versions < V3.2), SCALANCE XR522-12 (6GK5534-3TR00-2AR3) (All versions < V3.2), SCALANCE XR522-12 (6GK5534-3TR00-3AR3) (All versions < V3.2), SCALANCE XR522-12 (6GK5534-3TR00-4AR3) (All versions < V3.2), SCALANCE XR526-8 (6GK5534-2TR00-2AR3) (All versions < V3.2), SCALANCE XR526-8 (6GK5534-2TR00-3AR3) (All versions < V3.2), SCALANCE XR526-8 (6GK5534-2TR00-4AR3) (All versions < V3.2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) (All versions < V3.2), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) (All versions < V3.2), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) (All versions < V3.2), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3) (All versions < V3.2). The "Load Rollback" functionality in the web interface of affected products contains an incorrect authorization check vulnerability. This could allow an authenticated remote attacker with "guest" role to make the affected product roll back configuration changes made by privileged users.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 16:15:00 GMT

read more

CVE-2025-40568 - Siemens SCALANCE and RUGGEDCOM Web Interface Session Termination Authentication Bypass

CVE ID : CVE-2025-40568
Published : June 10, 2025, 4:15 p.m. | 1 hour, 3 minutes ago
Description : A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.2), SCALANCE XC316-8 (6GK5324-8TS00-2AC2) (All versions < V3.2), SCALANCE XC324-4 (6GK5328-4TS00-2AC2) (All versions < V3.2), SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2) (All versions < V3.2), SCALANCE XC332 (6GK5332-0GA00-2AC2) (All versions < V3.2), SCALANCE XC416-8 (6GK5424-8TR00-2AC2) (All versions < V3.2), SCALANCE XC424-4 (6GK5428-4TR00-2AC2) (All versions < V3.2), SCALANCE XC432 (6GK5432-0GR00-2AC2) (All versions < V3.2), SCALANCE XCH328 (6GK5328-4TS01-2EC2) (All versions < V3.2), SCALANCE XCM324 (6GK5324-8TS01-2AC2) (All versions < V3.2), SCALANCE XCM328 (6GK5328-4TS01-2AC2) (All versions < V3.2), SCALANCE XCM332 (6GK5332-0GA01-2AC2) (All versions < V3.2), SCALANCE XR302-32 (6GK5334-5TS00-2AR3) (All versions < V3.2), SCALANCE XR302-32 (6GK5334-5TS00-3AR3) (All versions < V3.2), SCALANCE XR302-32 (6GK5334-5TS00-4AR3) (All versions < V3.2), SCALANCE XR322-12 (6GK5334-3TS00-2AR3) (All versions < V3.2), SCALANCE XR322-12 (6GK5334-3TS00-3AR3) (All versions < V3.2), SCALANCE XR322-12 (6GK5334-3TS00-4AR3) (All versions < V3.2), SCALANCE XR326-8 (6GK5334-2TS00-2AR3) (All versions < V3.2), SCALANCE XR326-8 (6GK5334-2TS00-3AR3) (All versions < V3.2), SCALANCE XR326-8 (6GK5334-2TS00-4AR3) (All versions < V3.2), SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3) (All versions < V3.2), SCALANCE XR502-32 (6GK5534-5TR00-2AR3) (All versions < V3.2), SCALANCE XR502-32 (6GK5534-5TR00-3AR3) (All versions < V3.2), SCALANCE XR502-32 (6GK5534-5TR00-4AR3) (All versions < V3.2), SCALANCE XR522-12 (6GK5534-3TR00-2AR3) (All versions < V3.2), SCALANCE XR522-12 (6GK5534-3TR00-3AR3) (All versions < V3.2), SCALANCE XR522-12 (6GK5534-3TR00-4AR3) (All versions < V3.2), SCALANCE XR526-8 (6GK5534-2TR00-2AR3) (All versions < V3.2), SCALANCE XR526-8 (6GK5534-2TR00-3AR3) (All versions < V3.2), SCALANCE XR526-8 (6GK5534-2TR00-4AR3) (All versions < V3.2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) (All versions < V3.2), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) (All versions < V3.2), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) (All versions < V3.2), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3) (All versions < V3.2). An internal session termination functionality in the web interface of affected products contains an incorrect authorization check vulnerability. This could allow an authenticated remote attacker with "guest" role to terminate legitimate users' sessions.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 16:15:00 GMT

read more

CVE-2025-40569 - Siemens SCALANCE Web Interface Load Configuration Remote Authentication Bypass Vulnerability

CVE ID : CVE-2025-40569
Published : June 10, 2025, 4:15 p.m. | 1 hour, 3 minutes ago
Description : A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.2), SCALANCE XC316-8 (6GK5324-8TS00-2AC2) (All versions < V3.2), SCALANCE XC324-4 (6GK5328-4TS00-2AC2) (All versions < V3.2), SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2) (All versions < V3.2), SCALANCE XC332 (6GK5332-0GA00-2AC2) (All versions < V3.2), SCALANCE XC416-8 (6GK5424-8TR00-2AC2) (All versions < V3.2), SCALANCE XC424-4 (6GK5428-4TR00-2AC2) (All versions < V3.2), SCALANCE XC432 (6GK5432-0GR00-2AC2) (All versions < V3.2), SCALANCE XCH328 (6GK5328-4TS01-2EC2) (All versions < V3.2), SCALANCE XCM324 (6GK5324-8TS01-2AC2) (All versions < V3.2), SCALANCE XCM328 (6GK5328-4TS01-2AC2) (All versions < V3.2), SCALANCE XCM332 (6GK5332-0GA01-2AC2) (All versions < V3.2), SCALANCE XR302-32 (6GK5334-5TS00-2AR3) (All versions < V3.2), SCALANCE XR302-32 (6GK5334-5TS00-3AR3) (All versions < V3.2), SCALANCE XR302-32 (6GK5334-5TS00-4AR3) (All versions < V3.2), SCALANCE XR322-12 (6GK5334-3TS00-2AR3) (All versions < V3.2), SCALANCE XR322-12 (6GK5334-3TS00-3AR3) (All versions < V3.2), SCALANCE XR322-12 (6GK5334-3TS00-4AR3) (All versions < V3.2), SCALANCE XR326-8 (6GK5334-2TS00-2AR3) (All versions < V3.2), SCALANCE XR326-8 (6GK5334-2TS00-3AR3) (All versions < V3.2), SCALANCE XR326-8 (6GK5334-2TS00-4AR3) (All versions < V3.2), SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3) (All versions < V3.2), SCALANCE XR502-32 (6GK5534-5TR00-2AR3) (All versions < V3.2), SCALANCE XR502-32 (6GK5534-5TR00-3AR3) (All versions < V3.2), SCALANCE XR502-32 (6GK5534-5TR00-4AR3) (All versions < V3.2), SCALANCE XR522-12 (6GK5534-3TR00-2AR3) (All versions < V3.2), SCALANCE XR522-12 (6GK5534-3TR00-3AR3) (All versions < V3.2), SCALANCE XR522-12 (6GK5534-3TR00-4AR3) (All versions < V3.2), SCALANCE XR526-8 (6GK5534-2TR00-2AR3) (All versions < V3.2), SCALANCE XR526-8 (6GK5534-2TR00-3AR3) (All versions < V3.2), SCALANCE XR526-8 (6GK5534-2TR00-4AR3) (All versions < V3.2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) (All versions < V3.2), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) (All versions < V3.2), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) (All versions < V3.2), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3) (All versions < V3.2). The "Load Configuration from Local PC" functionality in the web interface of affected products contains a race condition vulnerability. This could allow an authenticated remote attacker to make the affected product load an attacker controlled configuration instead of the legitimate one. Successful exploitation requires that a legitimate administrator invokes the functionality and the attacker wins the race condition.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 16:15:00 GMT

read more

CVE-2025-40585 - Energy Services G5DFR Default Credentials Backdoor

CVE ID : CVE-2025-40585
Published : June 10, 2025, 4:15 p.m. | 1 hour, 3 minutes ago
Description : A vulnerability has been identified in Energy Services (All versions with G5DFR). Affected solutions using G5DFR contain default credentials. This could allow an attacker to gain control of G5DFR component and tamper with outputs from the device.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 16:15:00 GMT

read more

CVE-2025-40591 - RUGGEDCOM ROX Command Injection Vulnerability

CVE ID : CVE-2025-40591
Published : June 10, 2025, 4:15 p.m. | 1 hour, 3 minutes ago
Description : A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX RX1500 (All versions < V2.16.5), RUGGEDCOM ROX RX1501 (All versions < V2.16.5), RUGGEDCOM ROX RX1510 (All versions < V2.16.5), RUGGEDCOM ROX RX1511 (All versions < V2.16.5), RUGGEDCOM ROX RX1512 (All versions < V2.16.5), RUGGEDCOM ROX RX1524 (All versions < V2.16.5), RUGGEDCOM ROX RX1536 (All versions < V2.16.5), RUGGEDCOM ROX RX5000 (All versions < V2.16.5). The 'Log Viewers' tool in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated remote attacker to execute the 'tail' command with root privileges and disclose contents of all files in the filesystem.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 16:15:00 GMT

read more

CVE-2025-43585 - Adobe Commerce Improper Authorization Security Feature Bypass

CVE ID : CVE-2025-43585
Published : June 10, 2025, 4:15 p.m. | 1 hour, 3 minutes ago
Description : Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access leading to a limited impact to confidentiality and a high impact to integrity. Exploitation of this issue does not require user interaction.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 16:15:00 GMT

read more

CVE-2025-43586 - Adobe Commerce Privilege Escalation Vulnerability

CVE ID : CVE-2025-43586
Published : June 10, 2025, 4:15 p.m. | 1 hour, 3 minutes ago
Description : Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized elevated access. Exploitation of this issue does not require user interaction.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 16:15:00 GMT

read more

CVE-2025-44043 - Keyoti SearchUnit SSRF

CVE ID : CVE-2025-44043
Published : June 10, 2025, 4:15 p.m. | 1 hour, 3 minutes ago
Description : Keyoti SearchUnit prior to 9.0.0. is vulnerable to Server-Side Request Forgery (SSRF) in /Keyoti_SearchEngine_Web_Common/SearchService.svc/GetResults and /Keyoti_SearchEngine_Web_Common/SearchService.svc/GetLocationAndContentCategories. An attacker can specify their own SMB server as the indexDirectory value when making POST requests to the affected components. In doing so an attacker can get the SearchUnit server to read and write configuration and log files from/to the attackers server.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 16:15:00 GMT

read more

CVE-2025-44044 - Keyoti SearchUnit XXE File Exfiltration

CVE ID : CVE-2025-44044
Published : June 10, 2025, 4:15 p.m. | 1 hour, 3 minutes ago
Description : Keyoti SearchUnit prior to 9.0.0. is vulnerable to XML External Entity (XXE). An attacker who can force a vulnerable SearchUnit host into parsing maliciously crafted XML and/or DTD files can exfiltrate some files from the underlying operating system.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 16:15:00 GMT

read more

CVE-2025-47110 - Adobe Commerce Stored Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-47110
Published : June 10, 2025, 4:15 p.m. | 1 hour, 3 minutes ago
Description : Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 16:15:00 GMT

read more

CVE-2025-48067 - OctoPrint File Exfiltration Information Disclosure

CVE ID : CVE-2025-48067
Published : June 10, 2025, 4:15 p.m. | 1 hour, 3 minutes ago
Description : OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows an attacker with the FILE_UPLOAD permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the upload folder where they then can be downloaded from. This vulnerability is fixed in 1.11.2.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 16:15:00 GMT

read more

CVE-2025-48879 - OctoPrint Denial of Service (DoS) Vulnerability

CVE ID : CVE-2025-48879
Published : June 10, 2025, 4:15 p.m. | 1 hour, 3 minutes ago
Description : OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become unresponsive. The issue can be triggered by a broken multipart/form-data request lacking an end boundary to any of OctoPrint's endpoints implemented through the octoprint.server.util.tornado.UploadStorageFallbackHandler request handler. The request handler will get stuck in an endless busy loop, looking for a part of the request that will never come. As Tornado is single-threaded, that will effectively block the whole web server. The vulnerability has been patched in version 1.11.2.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 16:15:00 GMT

read more

CVE-2025-48937 - Matrix-Rust-SDK Malicious Homeserver Operator Event Forgery

CVE ID : CVE-2025-48937
Published : June 10, 2025, 4:15 p.m. | 1 hour, 3 minutes ago
Description : matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. matrix-sdk-crypto since version 0.8.0 and up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those events appear to the recipient as if they were sent by another user. This vulnerability is fixed in 0.11.1 and 0.12.0.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 16:15:00 GMT

read more

CVE-2025-49142 - Nautobot Jinja2 Templating Feature Privilege Escalation Vulnerability

CVE ID : CVE-2025-49142
Published : June 10, 2025, 4:15 p.m. | 1 hour, 3 minutes ago
Description : Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot, a malicious user could configure this feature set in ways that could expose the value of Secrets defined in Nautobot when the templated content is rendered or that could call Python APIs to modify data within Nautobot when the templated content is rendered, bypassing the object permissions assigned to the viewing user. Nautobot versions 1.6.32 and 2.4.10 will include fixes for the vulnerability. The vulnerability can be partially mitigated by configuring object permissions appropriately to limit certain actions to only trusted users.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 16:15:00 GMT

read more

CVE-2025-49143 - Nautobot Unauthenticated File Access Vulnerability

CVE ID : CVE-2025-49143
Published : June 10, 2025, 4:15 p.m. | 1 hour, 3 minutes ago
Description : Nautobot is a Network Source of Truth and Network Automation Platform. Prior to v2.4.10 and v1.6.32 , files uploaded by users to Nautobot's MEDIA_ROOT directory, including DeviceType image attachments as well as images attached to a Location, Device, or Rack, are served to users via a URL endpoint that was not enforcing user authentication. As a consequence, such files can be retrieved by anonymous users who know or can guess the correct URL for a given file. Nautobot v2.4.10 and v1.6.32 address this issue by adding enforcement of Nautobot user authentication to this endpoint.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 16:15:00 GMT

read more

CVE-2025-4653 - Pandora ITSM Command Injection

CVE ID : CVE-2025-4653
Published : June 10, 2025, 4:15 p.m. | 1 hour, 3 minutes ago
Description : Improper Neutralization of Special Elements in the backup name field may allow OS command injection. This issue affects Pandora ITSM 5.0.105.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 16:15:00 GMT

read more

CVE-2025-4678 - Pandora ITSM OS Command Injection

CVE ID : CVE-2025-4678
Published : June 10, 2025, 4:15 p.m. | 1 hour, 3 minutes ago
Description : Improper Neutralization of Special Elements in the chromium_path variable may allow OS command injection. This issue affects Pandora ITSM 5.0.105.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 16:15:00 GMT

read more

CVE-2025-4801 - Apache HTTP Server Command Injection

CVE ID : CVE-2025-4801
Published : June 10, 2025, 4:15 p.m. | 1 hour, 3 minutes ago
Description : Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 16:15:00 GMT

read more

CVE-2025-46612 - Airleader Master and Easy JSP File Upload Remote Command Execution

CVE ID : CVE-2025-46612
Published : June 10, 2025, 3:15 p.m. | 2 hours, 3 minutes ago
Description : The Panel Designer dashboard in Airleader Master and Easy before 6.36 allows remote attackers to execute arbitrary commands via a wizard/workspace.jsp unrestricted file upload. To exploit this, the attacker must login to the administrator console (default credentials are weak and easily guessable) and upload a JSP file via the Panel Designer dashboard.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 15:15:00 GMT

read more

CVE-2025-5335 - Autodesk Installer Privilege Escalation Vulnerability

CVE ID : CVE-2025-5335
Published : June 10, 2025, 3:15 p.m. | 2 hours, 3 minutes ago
Description : A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the Autodesk Installer application. Exploitation of this vulnerability may lead to code execution.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 15:15:00 GMT

read more

CVE-2025-5353 - Ivanti Workspace Control SQL Credential Decryption Vulnerability

CVE ID : CVE-2025-5353
Published : June 10, 2025, 3:15 p.m. | 2 hours, 3 minutes ago
Description : A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 15:15:00 GMT

read more

CVE-2024-29198 - GeoServer SSRF Vulnerability

CVE ID : CVE-2024-29198
Published : June 10, 2025, 3:15 p.m. | 1 hour, 3 minutes ago
Description : GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It possible to achieve Service Side Request Forgery (SSRF) via the Demo request endpoint if Proxy Base URL has not been set. Upgrading to GeoServer 2.24.4, or 2.25.2, removes the TestWfsPost servlet resolving this issue.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 15:15:00 GMT

read more

CVE-2024-34711 - GeoServer XML External Entities (XEE) Attack Vulnerability

CVE ID : CVE-2024-34711
Published : June 10, 2025, 3:15 p.m. | 1 hour, 3 minutes ago
Description : GeoServer is an open source server that allows users to share and edit geospatial data. An improper URI validation vulnerability exists that enables an unauthorized attacker to perform XML External Entities (XEE) attack, then send GET request to any HTTP server. By default, GeoServer use PreventLocalEntityResolver class from GeoTools to filter out malicious URIs in XML entities before resolving them. The URI must match the regex (?i)(jar:file|http|vfs)[^?#;]*\\.xsd. But the regex leaves a chance for attackers to request to any HTTP server or limited file. Attacker can abuse this to scan internal networks and gain information about them then exploit further. GeoServer 2.25.0 and greater default to the use of ENTITY_RESOLUTION_ALLOWLIST and does not require you to provide a system property.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 15:15:00 GMT

read more

CVE-2024-38524 - GeoServer Information Disclosure Vulnerability

CVE ID : CVE-2024-38524
Published : June 10, 2025, 3:15 p.m. | 1 hour, 3 minutes ago
Description : GeoServer is an open source server that allows users to share and edit geospatial data. org.geowebcache.GeoWebCacheDispatcher.handleFrontPage(HttpServletRequest, HttpServletResponse) has no check to hide potentially sensitive information from users except for a hidden system property to hide the storage locations that defaults to showing the locations. This vulnerability is fixed in 2.26.2 and 2.25.6.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 15:15:00 GMT

read more

CVE-2024-40625 - GeoServer URL Upload Vulnerability

CVE ID : CVE-2024-40625
Published : June 10, 2025, 3:15 p.m. | 1 hour, 3 minutes ago
Description : GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage rest api /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} allows attackers to upload files with a specified url (with {method} equals 'url') with no restrict. This vulnerability is fixed in 2.26.0.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 15:15:00 GMT

read more

CVE-2025-22455 - Ivanti Workspace Control Hardcoded Key SQL Credential Decryption Vulnerability

CVE ID : CVE-2025-22455
Published : June 10, 2025, 3:15 p.m. | 1 hour, 3 minutes ago
Description : A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 15:15:00 GMT

read more

CVE-2025-22463 - Ivanti Workspace Control Hardcoded Key Decryption Vulnerability

CVE ID : CVE-2025-22463
Published : June 10, 2025, 3:15 p.m. | 1 hour, 3 minutes ago
Description : A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt the stored environment password.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 15:15:00 GMT

read more

CVE-2025-26394 - SolarWinds Observability Self-Hosted Open Redirection Vulnerability

CVE ID : CVE-2025-26394
Published : June 10, 2025, 3:15 p.m. | 1 hour, 3 minutes ago
Description : SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 15:15:00 GMT

read more

CVE-2025-26395 - SolarWinds Observability Self-Hosted Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-26395
Published : June 10, 2025, 3:15 p.m. | 1 hour, 3 minutes ago
Description : SolarWinds Observability Self-Hosted was susceptible to a cross-site scripting (XSS) vulnerability due to an unsanitized field in the URL. The attack requires authentication using an administrator-level account and user interaction is required.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 15:15:00 GMT

read more

CVE-2025-27505 - GeoServer REST API Index Disclosure

CVE ID : CVE-2025-27505
Published : June 10, 2025, 3:15 p.m. | 1 hour, 3 minutes ago
Description : GeoServer is an open source server that allows users to share and edit geospatial data. It is possible to bypass the default REST API security and access the index page. The REST API security handles rest and its subpaths but not rest with an extension (e.g., rest.html). The REST API index can disclose whether certain extensions are installed. This vulnerability is fixed in 2.26.3 and 2.25.6. As a workaround, in ${GEOSERVER_DATA_DIR}/security/config.xml, change the paths for the rest filter to /rest.*,/rest/** and change the paths for the gwc filter to /gwc/rest.*,/gwc/rest/** and restart GeoServer.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 15:15:00 GMT

read more

CVE-2025-30145 - GeoServer Jiffle Script Denial of Service Vulnerability

CVE ID : CVE-2025-30145
Published : June 10, 2025, 3:15 p.m. | 1 hour, 3 minutes ago
Description : GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, that can enter an infinite loop to trigger denial of service. This vulnerability is fixed in 2.27.0, 2.26.3, and 2.25.7. This vulnerability can be mitigated by disabling WMS dynamic styling and the Jiffle process.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 15:15:00 GMT

read more

CVE-2025-37100 - HPE Aruba Networking Private 5G Core Filesystem Information Disclosure

CVE ID : CVE-2025-37100
Published : June 10, 2025, 3:15 p.m. | 1 hour, 3 minutes ago
Description : A vulnerability in the APIs of HPE Aruba Networking Private 5G Core could potentially expose sensitive information to unauthorized users. A successful exploitation could allow an attacker to iteratively navigate through the filesystem and ultimately download protected system files containing sensitive information.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 15:15:00 GMT

read more

CVE-2025-49454 - LoftOcean TinySalt PHP Remote File Inclusion Vulnerability

CVE ID : CVE-2025-49454
Published : June 10, 2025, 1:15 p.m. | 3 hours, 3 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean TinySalt allows PHP Local File Inclusion.This issue affects TinySalt: from n/a before 3.10.0.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 13:15:00 GMT

read more

CVE-2025-49455 - LoftOcean TinySalt Object Injection Vulnerability

CVE ID : CVE-2025-49455
Published : June 10, 2025, 1:15 p.m. | 3 hours, 3 minutes ago
Description : Deserialization of Untrusted Data vulnerability in LoftOcean TinySalt allows Object Injection.This issue affects TinySalt: from n/a before 3.10.0.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 13:15:00 GMT

read more

CVE-2025-49507 - LoftOcean CozyStay Deserialization of Untrusted Data Object Injection Vulnerability

CVE ID : CVE-2025-49507
Published : June 10, 2025, 1:15 p.m. | 3 hours, 3 minutes ago
Description : Deserialization of Untrusted Data vulnerability in LoftOcean CozyStay allows Object Injection.This issue affects CozyStay: from n/a before 1.7.1.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 13:15:00 GMT

read more

CVE-2025-49509 - Roland Beaussant Audio Editor Recorder Missing Authorization Vulnerability

CVE ID : CVE-2025-49509
Published : June 10, 2025, 1:15 p.m. | 3 hours, 3 minutes ago
Description : Missing Authorization vulnerability in Roland Beaussant Audio Editor & Recorder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Audio Editor & Recorder: from n/a through 2.2.1.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 13:15:00 GMT

read more

CVE-2025-49510 - WooCommerce Min Max Step Quantity Limits Manager CSRF Vulnerability

CVE ID : CVE-2025-49510
Published : June 10, 2025, 1:15 p.m. | 3 hours, 3 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Min Max Step Quantity Limits Manager for WooCommerce allows Cross Site Request Forgery.This issue affects Min Max Step Quantity Limits Manager for WooCommerce: from n/a through 5.1.0.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 13:15:00 GMT

read more

CVE-2025-49511 - Civi Framework CSRF

CVE ID : CVE-2025-49511
Published : June 10, 2025, 1:15 p.m. | 3 hours, 3 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in uxper Civi Framework allows Cross Site Request Forgery.This issue affects Civi Framework: from n/a through 2.1.6.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 13:15:00 GMT

read more

CVE-2025-43699 - Salesforce OmniStudio FlexCards Field Level Security Bypass

CVE ID : CVE-2025-43699
Published : June 10, 2025, 12:15 p.m. | 4 hours, 3 minutes ago
Description : Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of field level security controls for OmniUICard objects.  This impacts OmniStudio: before Spring 2025
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 12:15:00 GMT

read more

CVE-2025-43700 - Salesforce OmniStudio FlexCards Data Exposure Permission Vulnerability

CVE ID : CVE-2025-43700
Published : June 10, 2025, 12:15 p.m. | 4 hours, 3 minutes ago
Description : Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of encrypted data.  This impacts OmniStudio: before Spring 2025.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 12:15:00 GMT

read more

CVE-2025-43701 - Salesforce OmniStudio FlexCards Information Disclosure Vulnerability

CVE ID : CVE-2025-43701
Published : June 10, 2025, 12:15 p.m. | 4 hours, 3 minutes ago
Description : Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of Custom Settings data.  This impacts OmniStudio: before version 254.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 12:15:00 GMT

read more

CVE-2025-4577 - Smash Balloon Social Post Feed - WordPress Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-4577
Published : June 10, 2025, 12:15 p.m. | 4 hours, 3 minutes ago
Description : The Smash Balloon Social Post Feed – Simple Social Feeds for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-color attribute in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 12:15:00 GMT

read more

CVE-2025-4774 - Elementor Premium Addons Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-4774
Published : June 10, 2025, 12:15 p.m. | 4 hours, 3 minutes ago
Description : The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-countdown attribute of Countdown widget in all versions up to, and including, 4.11.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 12:15:00 GMT

read more

CVE-2025-2918 - WordPress Blocks Plugin Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-2918
Published : June 10, 2025, 12:15 p.m. | 3 hours, 3 minutes ago
Description : The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 12:15:00 GMT

read more

CVE-2025-43697 - Salesforce OmniStudio DataMapper Permission Preservation Encryption Exposure Vulnerability

CVE ID : CVE-2025-43697
Published : June 10, 2025, 12:15 p.m. | 3 hours, 3 minutes ago
Description : Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (DataMapper) allows exposure of encrypted data. This impacts OmniStudio: before Spring 2025
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 12:15:00 GMT

read more

CVE-2025-43698 - Salesforce OmniStudio FlexCards Field Level Security Bypass Vulnerability

CVE ID : CVE-2025-43698
Published : June 10, 2025, 12:15 p.m. | 3 hours, 3 minutes ago
Description : Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of field level security controls for Salesforce objects. This impacts OmniStudio: before Spring 2025
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 12:15:00 GMT

read more

CVE-2024-13089 - Nozomi Networks Guardian and CMC OS Command Injection Vulnerability

CVE ID : CVE-2024-13089
Published : June 10, 2025, 11:15 a.m. | 4 hours, 2 minutes ago
Description : An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands. Users with administrative privileges may upload update packages to upgrade the versions of Nozomi Networks Guardian and CMC. While these updates are signed and their signatures are validated prior to installation, an improper signature validation check has been identified. This issue could potentially enable users to execute commands remotely on the appliance, thereby impacting confidentiality, integrity, and availability.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 11:15:00 GMT

read more

CVE-2024-13090 - Apache Sudo Privilege Escalation Vulnerability

CVE ID : CVE-2024-13090
Published : June 10, 2025, 11:15 a.m. | 4 hours, 2 minutes ago
Description : A privilege escalation vulnerability may enable a service account to elevate its privileges. The sudo rules configured for a local service account were excessively permissive, potentially allowing administrative access if a malicious actor could execute arbitrary commands as that account. It is important to note that no such vector has been identified in this instance.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 11:15:00 GMT

read more

CVE-2025-41657 - Qualcomm Bluetooth Fingerprinting Vulnerability

CVE ID : CVE-2025-41657
Published : June 10, 2025, 11:15 a.m. | 4 hours, 2 minutes ago
Description : Due to an undocumented active bluetooth stack on products delivered within the period 01.01.2024 to 09.05.2025 fingerprinting is possible by an unauthenticated adjacent attacker.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 11:15:00 GMT

read more

CVE-2025-40655 - DM Corporative CMS SQL Injection

CVE ID : CVE-2025-40655
Published : June 10, 2025, 10:15 a.m. | 5 hours, 3 minutes ago
Description : A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the name parameter in /antcatalogue.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 10:15:00 GMT

read more

CVE-2025-40656 - DM Corporative CMS SQL Injection Vulnerability

CVE ID : CVE-2025-40656
Published : June 10, 2025, 10:15 a.m. | 5 hours, 3 minutes ago
Description : A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the cod parameter in /administer/node-selection/data.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 10:15:00 GMT

read more

CVE-2025-40657 - DM Corporative CMS SQL Injection Vulnerability

CVE ID : CVE-2025-40657
Published : June 10, 2025, 10:15 a.m. | 5 hours, 3 minutes ago
Description : A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the codform parameter in /modules/forms/collectform.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 10:15:00 GMT

read more

CVE-2025-40658 - DM Corporative CMS IDOR

CVE ID : CVE-2025-40658
Published : June 10, 2025, 10:15 a.m. | 5 hours, 3 minutes ago
Description : An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelection.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 10:15:00 GMT

read more

CVE-2025-40659 - DM Corporative CMS IDOR

CVE ID : CVE-2025-40659
Published : June 10, 2025, 10:15 a.m. | 5 hours, 3 minutes ago
Description : An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelectionNetworks.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 10:15:00 GMT

read more

CVE-2025-40660 - DM Corporative CMS IDOR Vulnerability

CVE ID : CVE-2025-40660
Published : June 10, 2025, 10:15 a.m. | 5 hours, 3 minutes ago
Description : An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/select node/data.asp?mode=catalogue&id1=1&id2=1session=&cod=1&networks=0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 10:15:00 GMT

read more

CVE-2025-40661 - DM Corporative CMS IDOR Vulnerability

CVE ID : CVE-2025-40661
Published : June 10, 2025, 10:15 a.m. | 5 hours, 3 minutes ago
Description : An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/selection.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 10:15:00 GMT

read more

CVE-2025-40662 - DM Corporative CMS Absolute Path Disclosure

CVE ID : CVE-2025-40662
Published : June 10, 2025, 10:15 a.m. | 5 hours, 3 minutes ago
Description : Absolute path disclosure vulnerability in DM Corporative CMS. This vulnerability allows an attacker to view the contents of webroot/file, if navigating to a non-existent file.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 10:15:00 GMT

read more

CVE-2025-40654 - "DM Corporative CMS SQL Injection Vulnerability"

CVE ID : CVE-2025-40654
Published : June 10, 2025, 10:15 a.m. | 3 hours, 3 minutes ago
Description : A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the name and cod parameters in /antbuspre.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 10:15:00 GMT

read more

CVE-2025-4681 - upKeeper Instant Privilege Access Privilege Abuse Vulnerability

CVE ID : CVE-2025-4681
Published : June 10, 2025, 9:15 a.m. | 4 hours, 3 minutes ago
Description : Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Abuse.This issue affects upKeeper Instant Privilege Access: before 1.4.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 09:15:00 GMT

read more

CVE-2025-5740 - Apache HTTP Server Path Traversal Vulnerability

CVE ID : CVE-2025-5740
Published : June 10, 2025, 9:15 a.m. | 4 hours, 3 minutes ago
Description : CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file writes when an unauthenticated user on the web server manipulates file path.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 09:15:00 GMT

read more

CVE-2025-5741 - "Siemens Charging Station Path Traversal Vulnerability"

CVE ID : CVE-2025-5741
Published : June 10, 2025, 9:15 a.m. | 4 hours, 3 minutes ago
Description : CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file reads from the charging station. The exploitation of this vulnerability does require an authenticated session of the web server.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 09:15:00 GMT

read more

CVE-2025-5742 - Apache Web Server Cross-site Scripting Vulnerability

CVE ID : CVE-2025-5742
Published : June 10, 2025, 9:15 a.m. | 4 hours, 3 minutes ago
Description : CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an authenticated user modifies configuration parameters on the web server
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 09:15:00 GMT

read more

CVE-2025-5743 - "Web Server Charging Station OS Command Injection"

CVE ID : CVE-2025-5743
Published : June 10, 2025, 9:15 a.m. | 4 hours, 3 minutes ago
Description : CWE-78: I Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote control over the charging station when an authenticated user modifies configuration parameters on the web server.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 09:15:00 GMT

read more

CVE-2025-3112 - Apache Webserver Resource Exhaustion Denial of Service

CVE ID : CVE-2025-3112
Published : June 10, 2025, 9:15 a.m. | 2 hours, 58 minutes ago
Description : CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause Denial of Service when an authenticated malicious user sends manipulated HTTPS Content-Length header to the webserver.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 09:15:00 GMT

read more

CVE-2025-3116 - Apache HTTP Server SSL/TLS Denial of Service Vulnerability

CVE ID : CVE-2025-3116
Published : June 10, 2025, 9:15 a.m. | 2 hours, 58 minutes ago
Description : CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends special malformed HTTPS request containing improper formatted body data to the controller.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 09:15:00 GMT

read more

CVE-2025-3117 - Apache Configuration File Cross-site Scripting (XSS)

CVE ID : CVE-2025-3117
Published : June 10, 2025, 9:15 a.m. | 2 hours, 58 minutes ago
Description : CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists impacting configuration file paths that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 09:15:00 GMT

read more

CVE-2025-3898 - Apache Webserver Denial of Service Vulnerability

CVE ID : CVE-2025-3898
Published : June 10, 2025, 9:15 a.m. | 2 hours, 58 minutes ago
Description : CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends HTTPS request containing invalid data type to the webserver.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 09:15:00 GMT

read more

CVE-2025-3899 - Webserver Certificates Cross-site Scripting

CVE ID : CVE-2025-3899
Published : June 10, 2025, 9:15 a.m. | 2 hours, 58 minutes ago
Description : CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in Certificates page on Webserver that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 09:15:00 GMT

read more

CVE-2025-3905 - Siemens PLC Cross-site Scripting

CVE ID : CVE-2025-3905
Published : June 10, 2025, 9:15 a.m. | 2 hours, 58 minutes ago
Description : CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists impacting PLC system variables that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 09:15:00 GMT

read more

CVE-2025-4680 - upKeeper Instant Privilege Access Input Validation Bypass

CVE ID : CVE-2025-4680
Published : June 10, 2025, 9:15 a.m. | 2 hours, 58 minutes ago
Description : Improper Input Validation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects upKeeper Instant Privilege Access: before 1.4.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 09:15:00 GMT

read more

CVE-2025-5945 - Centreon Centreon-web OS Command Injection

CVE ID : CVE-2025-5945
Published : June 10, 2025, 8:15 a.m. | 3 hours, 58 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 08:15:00 GMT

read more

CVE-2025-27817 - Apache Kafka Client Arbitrary File Read and SSRF Vulnerability

CVE ID : CVE-2025-27817
Published : June 10, 2025, 8:15 a.m. | 2 hours, 26 minutes ago
Description : A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url". Apache Kafka allows clients to read an arbitrary file and return the content in the error log, or sending requests to an unintended location. In applications where Apache Kafka Clients configurations can be specified by an untrusted party, attackers may use the "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url" configuratin to read arbitrary contents of the disk and environment variables or make requests to an unintended location. In particular, this flaw may be used in Apache Kafka Connect to escalate from REST API access to filesystem/environment/URL access, which may be undesirable in certain environments, including SaaS products. Since Apache Kafka 3.9.1/4.0.0, we have added a system property ("-Dorg.apache.kafka.sasl.oauthbearer.allowed.urls") to set the allowed urls in SASL JAAS configuration. In 3.9.1, it accepts all urls by default for backward compatibility. However in 4.0.0 and newer, the default value is empty list and users have to set the allowed urls explicitly.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 08:15:00 GMT

read more

CVE-2025-27818 - Apache Kafka LdapLoginModule Deserialization Vulnerability

CVE ID : CVE-2025-27818
Published : June 10, 2025, 8:15 a.m. | 2 hours, 26 minutes ago
Description : A possible security vulnerability has been identified in Apache Kafka. This requires access to a alterConfig to the cluster resource, or Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka clusters since Apache Kafka 2.0.0 (Kafka Connect 2.3.0). When configuring the broker via config file or AlterConfig command, or connector via the Kafka Kafka Connect REST API, an authenticated operator can set the `sasl.jaas.config` property for any of the connector's Kafka clients to "com.sun.security.auth.module.LdapLoginModule", which can be done via the `producer.override.sasl.jaas.config`, `consumer.override.sasl.jaas.config`, or `admin.override.sasl.jaas.config` properties. This will allow the server to connect to the attacker's LDAP server and deserialize the LDAP response, which the attacker can use to execute java deserialization gadget chains on the Kafka connect server. Attacker can cause unrestricted deserialization of untrusted data (or) RCE vulnerability when there are gadgets in the classpath. Since Apache Kafka 3.0.0, users are allowed to specify these properties in connector configurations for Kafka Connect clusters running with out-of-the-box configurations. Before Apache Kafka 3.0.0, users may not specify these properties unless the Kafka Connect cluster has been reconfigured with a connector client override policy that permits them. Since Apache Kafka 3.9.1/4.0.0, we have added a system property ("-Dorg.apache.kafka.disallowed.login.modules") to disable the problematic login modules usage in SASL JAAS configuration. Also by default "com.sun.security.auth.module.JndiLoginModule,com.sun.security.auth.module.LdapLoginModule" are disabled in Apache Kafka Connect 3.9.1/4.0.0. We advise the Kafka users to validate connector configurations and only allow trusted LDAP configurations. Also examine connector dependencies for vulnerable versions and either upgrade their connectors, upgrading that specific dependency, or removing the connectors as options for remediation. Finally, in addition to leveraging the "org.apache.kafka.disallowed.login.modules" system property, Kafka Connect users can also implement their own connector client config override policy, which can be used to control which Kafka client properties can be overridden directly in a connector config and which cannot.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 08:15:00 GMT

read more

CVE-2025-27819 - Apache Kafka SASL JAAS JndiLoginModule RCE/DOS

CVE ID : CVE-2025-27819
Published : June 10, 2025, 8:15 a.m. | 2 hours, 26 minutes ago
Description : In CVE-2023-25194, we announced the RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration in Kafka Connect API. But not only Kafka Connect API is vulnerable to this attack, the Apache Kafka brokers also have this vulnerability. To exploit this vulnerability, the attacker needs to be able to connect to the Kafka cluster and have the AlterConfigs permission on the cluster resource. Since Apache Kafka 3.4.0, we have added a system property ("-Dorg.apache.kafka.disallowed.login.modules") to disable the problematic login modules usage in SASL JAAS configuration. Also by default "com.sun.security.auth.module.JndiLoginModule" is disabled in Apache Kafka 3.4.0, and "com.sun.security.auth.module.JndiLoginModule,com.sun.security.auth.module.LdapLoginModule" is disabled by default in in Apache Kafka 3.9.1/4.0.0
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 08:15:00 GMT

read more

CVE-2025-1041 - Avaya Call Management System Remote Command Injection

CVE ID : CVE-2025-1041
Published : June 10, 2025, 6:15 a.m. | 3 hours, 58 minutes ago
Description : An improper input validation discovered in Avaya Call Management System could allow an unauthorized remote command via a specially crafted web request. Affected versions include 18.x, 19.x prior to 19.2.0.7, and 20.x prior to 20.0.1.0.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 06:15:00 GMT

read more

CVE-2025-4840 - Inprosysmedia Likes Dislikes Post SQL Injection Vulnerability

CVE ID : CVE-2025-4840
Published : June 10, 2025, 6:15 a.m. | 3 hours, 58 minutes ago
Description : The inprosysmedia-likes-dislikes-post WordPress plugin through 1.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 06:15:00 GMT

read more

CVE-2025-4954 - Axle Demo Importer WordPress File Upload Vulnerability

CVE ID : CVE-2025-4954
Published : June 10, 2025, 6:15 a.m. | 3 hours, 58 minutes ago
Description : The Axle Demo Importer WordPress plugin through 1.0.3 does not validate files to be uploaded, which could allow authenticated users (author and above) to upload arbitrary files such as PHP on the server
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 06:15:00 GMT

read more

CVE-2025-3076 - Elementor Website Builder Pro - Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-3076
Published : June 10, 2025, 5:15 a.m. | 4 hours, 58 minutes ago
Description : The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_text’ parameter in all versions up to, and including, 3.29.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 05:15:00 GMT

read more

CVE-2025-5935 - Open5GS AMF/MME Denial of Service Vulnerability

CVE ID : CVE-2025-5935
Published : June 10, 2025, 5:15 a.m. | 4 hours, 58 minutes ago
Description : A vulnerability was found in Open5GS up to 2.7.3. It has been declared as problematic. Affected by this vulnerability is the function common_register_state of the file src/mme/emm-sm.c of the component AMF/MME. The manipulation of the argument ran_ue_id leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 62cb99755243c9c38e4c060c5d8d0e158fe8cdd5. It is recommended to apply a patch to fix this issue.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 05:15:00 GMT

read more

CVE-2025-5952 - Zend.To OS Command Injection

CVE ID : CVE-2025-5952
Published : June 10, 2025, 5:15 a.m. | 4 hours, 58 minutes ago
Description : A vulnerability, which was classified as critical, has been found in Zend.To up to 6.10-6 Beta. This issue affects the function exec of the file NSSDropoff.php. The manipulation of the argument file_1 leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 6.10-7 is able to address this issue. It is recommended to upgrade the affected component. This affects a rather old version of the software. The vendor recommends updating to the latest release.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 05:15:00 GMT

read more

CVE-2025-5913 - "PHPGurukul Vehicle Record Management System SQL Injection Vulnerability"

CVE ID : CVE-2025-5913
Published : June 10, 2025, 4:15 a.m. | 5 hours, 57 minutes ago
Description : A vulnerability was found in PHPGurukul Vehicle Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/search-vehicle.php. The manipulation of the argument searchinputdata leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 04:15:00 GMT

read more

CVE-2025-5925 - WordPress Bunny's Print CSS CSRF Vulnerability

CVE ID : CVE-2025-5925
Published : June 10, 2025, 4:15 a.m. | 5 hours, 57 minutes ago
Description : The Bunny’s Print CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.95. This is due to missing or incorrect nonce validation on the pcss_options_subpanel() function. This makes it possible for unauthenticated attackers to update settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 04:15:00 GMT

read more

CVE-2025-5934 - Netgear EX3700 Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-5934
Published : June 10, 2025, 4:15 a.m. | 5 hours, 57 minutes ago
Description : A vulnerability was found in Netgear EX3700 up to 1.0.0.88. It has been classified as critical. Affected is the function sub_41619C of the file /mtd. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.0.98 is able to address this issue. It is recommended to upgrade the affected component. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 04:15:00 GMT

read more

CVE-2025-4387 - Abandoned Cart Pro for WooCommerce Authenticated Arbitrary File Upload Vulnerability

CVE ID : CVE-2025-4387
Published : June 10, 2025, 4:15 a.m. | 4 hours, 26 minutes ago
Description : The Abandoned Cart Pro for WooCommerce plugin contains an authenticated arbitrary file upload vulnerability due to missing file type validation in the wcap_add_to_cart_popup_upload_files function in all versions up to, and including, 9.16.0. This makes it possible for an authenticated attacker, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may allow for either remote or local code execution depending on the server configuration.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 04:15:00 GMT

read more

CVE-2025-4601 - "RH Real Estate WordPress Theme Privilege Escalation Vulnerability"

CVE ID : CVE-2025-4601
Published : June 10, 2025, 4:15 a.m. | 4 hours, 25 minutes ago
Description : The "RH - Real Estate WordPress Theme" theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 4.4.0. This is due to the theme not properly restricting user roles that can be updated as part of the inspiry_update_profile() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to set their role to that of an administrator. The vulnerability was partially patched in version 4.4.0, and fully patched in version 4.4.1.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 04:15:00 GMT

read more

CVE-2025-5912 - D-Link DIR-632 Remote Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-5912
Published : June 10, 2025, 4:15 a.m. | 4 hours, 25 minutes ago
Description : A vulnerability was found in D-Link DIR-632 FW103B08. It has been declared as critical. This vulnerability affects the function do_file of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 04:15:00 GMT

read more

CVE-2024-55595 - Cisco Webex Meeting Server Unvalidated Redirect

CVE ID : CVE-2024-55595
Published : June 10, 2025, 3:15 a.m. | 5 hours, 25 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 03:15:00 GMT

read more

CVE-2025-5910 - TOTOLINK EX1200T HTTP POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5910
Published : June 10, 2025, 3:15 a.m. | 5 hours, 25 minutes ago
Description : A vulnerability has been found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formWsc of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 03:15:00 GMT

read more

CVE-2025-5911 - TOTOLINK EX1200T HTTP POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5911
Published : June 10, 2025, 3:15 a.m. | 5 hours, 25 minutes ago
Description : A vulnerability was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formDMZ of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 03:15:00 GMT

read more

CVE-2025-5909 - TOTOLINK EX1200T HTTP POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5909
Published : June 10, 2025, 2:15 a.m. | 6 hours, 26 minutes ago
Description : A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formReflashClientTbl of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 02:15:00 GMT

read more

CVE-2025-42996 - SAP MDM Server Session Hijacking Vulnerability

CVE ID : CVE-2025-42996
Published : June 10, 2025, 1:15 a.m. | 7 hours, 26 minutes ago
Description : SAP MDM Server allows an attacker to gain control of existing client sessions and execute certain functions without having to re-authenticate giving the ability to access or modify non-sensitive information or consume sufficient resources which could degrade the performance of the server causing low impact on confidentiality, integrity and availibility of the application.
Severity: 5.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 01:15:00 GMT

read more

CVE-2025-42998 - SAP Business One Authentication Bypass

CVE ID : CVE-2025-42998
Published : June 10, 2025, 1:15 a.m. | 7 hours, 26 minutes ago
Description : The security settings in the SAP Business One Integration Framework are not adequately checked, allowing attackers to bypass the 403 Forbidden error and access restricted pages. This leads to low impact on confidentiality of the application, there is no impact on integrity and availability.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 01:15:00 GMT

read more

CVE-2025-5906 - Code-projects Laundry System Remote Authentication Bypass

CVE ID : CVE-2025-5906
Published : June 10, 2025, 1:15 a.m. | 7 hours, 26 minutes ago
Description : A vulnerability classified as critical has been found in code-projects Laundry System 1.0. This affects an unknown part of the file /data/. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 01:15:00 GMT

read more

CVE-2025-5907 - TOTOLINK EX1200T HTTP POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5907
Published : June 10, 2025, 1:15 a.m. | 7 hours, 26 minutes ago
Description : A vulnerability classified as critical was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. This vulnerability affects unknown code of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 01:15:00 GMT

read more

CVE-2025-5908 - TOTOLINK EX1200T HTTP POST Request Handler Buffer Overflow

CVE ID : CVE-2025-5908
Published : June 10, 2025, 1:15 a.m. | 7 hours, 26 minutes ago
Description : A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. This issue affects some unknown processing of the file /boafrm/formIpQoS of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 01:15:00 GMT

read more

CVE-2025-42991 - SAP S/4HANA Bank Account Application Authorization Bypass

CVE ID : CVE-2025-42991
Published : June 10, 2025, 1:15 a.m. | 6 hours, 58 minutes ago
Description : SAP S/4HANA (Bank Account Application) does not perform necessary authorization checks. This allows an authenticated 'approver' user to delete attachment from bank account application of other user, leading to a low impact on integrity, with no impact on the confidentiality of the data or the availability of the application.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 01:15:00 GMT

read more

CVE-2025-42993 - SAP S/4HANA Unauthorized Event Consumption and Code Execution Vulnerability

CVE ID : CVE-2025-42993
Published : June 10, 2025, 1:15 a.m. | 6 hours, 58 minutes ago
Description : Due to a missing authorization check vulnerability in SAP S/4HANA (Enterprise Event Enablement), an attacker with access to the Inbound Binding Configuration could create an RFC destination and assign an arbitrary high-privilege user. This allows the attacker to consume events via the RFC destination, leading to code execution under the privileges of the assigned high-privilege user. While the vulnerability has a low impact on Availability, it significantly poses a high risk to both Confidentiality and Integrity.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 01:15:00 GMT

read more

CVE-2025-42994 - SAP MDM Server Denial of Service (DoS) Vulnerability

CVE ID : CVE-2025-42994
Published : June 10, 2025, 1:15 a.m. | 6 hours, 58 minutes ago
Description : SAP MDM Server ReadString function allows an attacker to send specially crafted packets which could trigger a memory read access violation in the server process that would then fail and exit unexpectedly causing high impact on availability with no impact on confidentiality and integrity of the application.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 01:15:00 GMT

read more

CVE-2025-42995 - SAP MDM Server Denial of Service (DoS)

CVE ID : CVE-2025-42995
Published : June 10, 2025, 1:15 a.m. | 6 hours, 58 minutes ago
Description : SAP MDM Server Read function allows an attacker to send specially crafted packets which could trigger a memory read access violation in the server process that would then fail and exit unexpectedly causing high impact on availability with no impact on confidentiality and integrity of the application.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 01:15:00 GMT

read more

CVE-2025-42988 - SAP Business Objects Business Intelligence Platform Information Disclosure

CVE ID : CVE-2025-42988
Published : June 10, 2025, 1:15 a.m. | 4 hours, 58 minutes ago
Description : Under certain conditions, SAP Business Objects Business Intelligence Platform allows an unauthenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. This disclosure of information could further enable the researcher to cause SSRF. It has no impact on integrity and availability of the application.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 01:15:00 GMT

read more

CVE-2025-42989 - Apache HTTP Server Authentication Bypass Privilege Escalation

CVE ID : CVE-2025-42989
Published : June 10, 2025, 1:15 a.m. | 4 hours, 58 minutes ago
Description : RFC inbound processing�does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation the attacker could critically impact both integrity and availability of the application.
Severity: 9.6 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 01:15:00 GMT

read more

CVE-2025-42990 - SAPUI5 Cross-Site Scripting (XSS)

CVE ID : CVE-2025-42990
Published : June 10, 2025, 1:15 a.m. | 4 hours, 58 minutes ago
Description : Unprotected SAPUI5 applications allow an attacker with basic privileges to inject malicious HTML code into a webpage, with the goal of redirecting users to the attacker controlled URL. This issue could impact the integrity of the application. Confidentiality or Availability are not impacted.
Severity: 3.0 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 01:15:00 GMT

read more

CVE-2025-23192 - SAP BusinessObjects Business Intelligence BI Workspace Cross-Site Scripting (XSS)

CVE ID : CVE-2025-23192
Published : June 10, 2025, 1:15 a.m. | 2 hours, 57 minutes ago
Description : SAP BusinessObjects Business Intelligence (BI Workspace) allows an unauthenticated attacker to craft and store malicious script within a workspace. When the victim accesses the workspace, the script will execute in their browser enabling the attacker to potentially access sensitive session information, modify or make browser information unavailable. This leads to a high impact on confidentiality and low impact on integrity, availability.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 01:15:00 GMT

read more

CVE-2025-31325 - SAP NetWeaver Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-31325
Published : June 10, 2025, 1:15 a.m. | 2 hours, 57 minutes ago
Description : Due to a Cross-Site Scripting vulnerability in SAP NetWeaver (ABAP Keyword Documentation), an unauthenticated attacker could inject malicious JavaScript into a web page through an unprotected parameter. When a victim accesses the affected page, the script executes in their browser, providing the attacker limited access to restricted information. The vulnerability does not affect data integrity or availability and operates entirely within the context of the client's browser.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 01:15:00 GMT

read more

CVE-2025-42977 - SAP NetWeaver Visual Composer Directory Traversal Vulnerability

CVE ID : CVE-2025-42977
Published : June 10, 2025, 1:15 a.m. | 2 hours, 57 minutes ago
Description : SAP NetWeaver Visual Composer contains a Directory Traversal vulnerability caused by insufficient validation of input paths provided by a high-privileged user. This allows an attacker to read or modify arbitrary files, resulting in a high impact on confidentiality and a low impact on integrity.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 01:15:00 GMT

read more

CVE-2025-42982 - SAP GRC Authentication Bypass

CVE ID : CVE-2025-42982
Published : June 10, 2025, 1:15 a.m. | 2 hours, 57 minutes ago
Description : SAP GRC allows a non-administrative user to access and initiate transaction which could allow them to modify or control the transmitted system credentials. This causes high impact on confidentiality, integrity and availability of the application.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 01:15:00 GMT

read more

CVE-2025-42983 - SAP Business Warehouse and SAP Plug-In Basis Data Deletion Vulnerability

CVE ID : CVE-2025-42983
Published : June 10, 2025, 1:15 a.m. | 2 hours, 57 minutes ago
Description : SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to drop arbitrary SAP database tables, potentially resulting in a loss of data or rendering the system unusable. On successful exploitation, an attacker can completely delete database entries but is not able to read any data.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 01:15:00 GMT

read more

CVE-2025-42984 - SAP S/4HANA Authorization Bypass

CVE ID : CVE-2025-42984
Published : June 10, 2025, 1:15 a.m. | 2 hours, 57 minutes ago
Description : SAP S/4HANA Manage Central Purchase Contract does not perform necessary authorization checks for an authenticated user. Due to this, an attacker could execute the function import on the entity making it inaccessible for unrestricted user. This has low impact on confidentiality and availability of the application.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 01:15:00 GMT

read more

CVE-2025-42987 - SAP Manage Processing Rules Authorization Bypass

CVE ID : CVE-2025-42987
Published : June 10, 2025, 1:15 a.m. | 2 hours, 57 minutes ago
Description : SAP Manage Processing Rules (For Bank Statement) allows an attacker with basic privileges to edit shared rules of any user by tampering the request parameter. Due to missing authorization check, the attacker can edit rules that should be restricted, compromising the integrity of the application.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 01:15:00 GMT

read more

CVE-2025-5904 - TOTOLINK T10 Buffer Overflow in POST Request Handler

CVE ID : CVE-2025-5904
Published : June 10, 2025, 12:15 a.m. | 3 hours, 57 minutes ago
Description : A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. Affected by this vulnerability is the function setWiFiMeshName of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument device_name leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 00:15:00 GMT

read more

CVE-2025-5905 - TOTOLINK T10 Buffer Overflow in POST Request Handler

CVE ID : CVE-2025-5905
Published : June 10, 2025, 12:15 a.m. | 3 hours, 57 minutes ago
Description : A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been rated as critical. Affected by this issue is the function setWiFiRepeaterCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument Password leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 00:15:00 GMT

read more

CVE-2025-0036 - AMD Versal Adaptive SoC Cryptographic Data Tampering Vulnerability

CVE ID : CVE-2025-0036
Published : June 10, 2025, 12:15 a.m. | 2 hours, 56 minutes ago
Description : In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data.
Severity: 3.2 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 00:15:00 GMT

read more

CVE-2025-0037 - AMD Versal Adaptive SoC PLM Firmware Memory Access Vulnerability

CVE ID : CVE-2025-0037
Published : June 10, 2025, 12:15 a.m. | 2 hours, 56 minutes ago
Description : In AMD Versal Adaptive SoC devices, the lack of address validation when executing PLM runtime services through the PLM firmware can allow access to isolated or protected memory spaces, resulting in the loss of integrity and confidentiality.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 00:15:00 GMT

read more

CVE-2025-5903 - TOTOLINK T10 Buffer Overflow in POST Request Handler

CVE ID : CVE-2025-5903
Published : June 10, 2025, 12:15 a.m. | 2 hours, 56 minutes ago
Description : A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been classified as critical. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument desc leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 00:15:00 GMT

read more

CVE-2025-26468 - CyberData Intercom Unauthenticated Remote Denial-of-Service Vulnerability

CVE ID : CVE-2025-26468
Published : June 9, 2025, 11:15 p.m. | 44 minutes ago
Description : CyberData  011209 Intercom exposes features that could allow an unauthenticated to gain access and cause a denial-of-service condition or system disruption.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 23:15:00 GMT

read more

CVE-2025-30183 - CyberData Intercom Unsecured Admin Credentials Vulnerability

CVE ID : CVE-2025-30183
Published : June 9, 2025, 11:15 p.m. | 44 minutes ago
Description : CyberData 011209 Intercom does not properly store or protect web server admin credentials.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 23:15:00 GMT

read more

CVE-2025-30507 - CyberData Intercom SQL Injection Vulnerability

CVE ID : CVE-2025-30507
Published : June 9, 2025, 11:15 p.m. | 44 minutes ago
Description : CyberData 011209 Intercom could allow an unauthenticated user to gather sensitive information through blind SQL injections.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 23:15:00 GMT

read more

CVE-2025-30515 - CyberData Intercom File Upload Vulnerability

CVE ID : CVE-2025-30515
Published : June 9, 2025, 11:15 p.m. | 44 minutes ago
Description : CyberData 011209 Intercom could allow an authenticated attacker to upload arbitrary files to multiple locations within the system.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 23:15:00 GMT

read more

CVE-2025-5901 - TOTOLINK T10 Buffer Overflow in POST Request Handler

CVE ID : CVE-2025-5901
Published : June 9, 2025, 11:15 p.m. | 44 minutes ago
Description : A vulnerability has been found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 23:15:00 GMT

read more

CVE-2025-5902 - TOTOLINK T10 Buffer Overflow in POST Request Handler

CVE ID : CVE-2025-5902
Published : June 9, 2025, 11:15 p.m. | 44 minutes ago
Description : A vulnerability was found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This issue affects the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument slaveIpList leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 23:15:00 GMT

read more

CVE-2025-30184 - CyberData Intercom Unauthenticated Web Interface Access

CVE ID : CVE-2025-30184
Published : June 9, 2025, 10:15 p.m. | 1 hour, 44 minutes ago
Description : CyberData 011209 Intercom could allow an unauthenticated user access to the Web Interface through an alternate path.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 22:15:00 GMT

read more

CVE-2025-49140 - Pion Interceptor RTP Packet Panic

CVE ID : CVE-2025-49140
Published : June 9, 2025, 10:15 p.m. | 1 hour, 44 minutes ago
Description : Pion Interceptor is a framework for building RTP/RTCP communication software. Versions v0.1.36 through v0.1.38 contain a bug in a RTP packet factory that can be exploited to trigger a panic with Pion based SFU via crafted RTP packets, This only affect users that use pion/interceptor. Users should upgrade to v0.1.39 or later, which validates that: `padLen > 0 && padLen <= payloadLength` and return error on overflow, avoiding panic. If upgrading is not possible, apply the patch from the pull request manually or drop packets whose P-bit is set but whose padLen is zero or larger than the remaining payload.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 22:15:00 GMT

read more

CVE-2025-5898 - GNU PSPP Out-of-Bounds Write Vulnerability

CVE ID : CVE-2025-5898
Published : June 9, 2025, 10:15 p.m. | 1 hour, 44 minutes ago
Description : A vulnerability classified as critical has been found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to out-of-bounds write. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 22:15:00 GMT

read more

CVE-2025-5899 - "GNU PSPP Heap Free of Memory Vulnerability"

CVE ID : CVE-2025-5899
Published : June 9, 2025, 10:15 p.m. | 1 hour, 44 minutes ago
Description : A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to free of memory not on the heap. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 22:15:00 GMT

read more

CVE-2025-5900 - Tenda AC9 Cross-Site Request Forgery Vulnerability

CVE ID : CVE-2025-5900
Published : June 9, 2025, 10:15 p.m. | 1 hour, 44 minutes ago
Description : A vulnerability, which was classified as problematic, was found in Tenda AC9 15.03.02.13. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 22:15:00 GMT

read more

CVE-2025-49004 - Caido DNS Rebinding Remote Command Execution

CVE ID : CVE-2025-49004
Published : June 9, 2025, 9:15 p.m. | 2 hours, 44 minutes ago
Description : Caido is a web security auditing toolkit. Prior to version 0.48.0, due to the lack of protection for DNS rebinding, Caido can be loaded on an attacker-controlled domain. This allows a malicious website to hijack the authentication flow of Caido and achieve code execution. A malicious website loaded in the browser can hijack the locally running Caido instance and achieve remote command execution during the initial setup. Even if the Caido instance is already configured, an attacker can initiate the authentication flow by performing DNS rebinding. In this case, the victim needs to authorize the request on dashboard.caido.io. Users should upgrade to version 0.48.0 to receive a patch.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 21:15:00 GMT

read more

CVE-2025-49137 - HAX CMS Cross-Site Scripting (XSS)

CVE ID : CVE-2025-49137
Published : June 9, 2025, 9:15 p.m. | 2 hours, 44 minutes ago
Description : HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, the application does not sufficiently sanitize user input, allowing for the execution of arbitrary JavaScript code. The 'saveNode' and 'saveManifest' endpoints take user input and store it in the JSON schema for the site. This content is then rendered in the generated HAX site. Although the application does not allow users to supply a `script` tag, it does allow the use of other HTML tags to run JavaScript. Version 11.0.0 fixes the issue.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 21:15:00 GMT

read more

CVE-2025-49138 - HAX CMS Local File Inclusion Vulnerability

CVE ID : CVE-2025-49138
Published : June 9, 2025, 9:15 p.m. | 2 hours, 44 minutes ago
Description : HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, an authenticated Local File Inclusion (LFI) vulnerability in the HAXCMS saveOutline endpoint allows a low-privileged user to read arbitrary files on the server by manipulating the location field written into site.json. This enables attackers to exfiltrate sensitive system files such as /etc/passwd, application secrets, or configuration files accessible to the web server (www-data). The vulnerability stems from the way the HAXCMS backend handles the location field in the site's outline. When a user sends a POST request to /system/api/saveOutline, the backend stores the provided location value directly into the site.json file associated with the site, without validating or sanitizing the input. Later the location parameter is interpreted by the CMS to resolve and load the content for a given node. If the location field contains a relative path like `../../../etc/passwd`, the application will attempt to read and render that file. Version 11.0.0 fixes the issue.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 21:15:00 GMT

read more

CVE-2025-49139 - HAX CMS Cross-Site Request Forgery (CSRF)

CVE ID : CVE-2025-49139
Published : June 9, 2025, 9:15 p.m. | 2 hours, 44 minutes ago
Description : HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, in the HAX site editor, users can create a website block to load another site in an iframe. The application allows users to supply a target URL in the website block. When the HAX site is visited, the client's browser will query the supplied URL. An authenticated attacker can create a HAX site with a website block pointing at an attacker-controlled server running Responder or a similar tool. The attacker can then conduct a phishing attack by convincing another user to visit their malicious HAX site to harvest credentials. Version 11.0.0 contains a patch for the issue.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 21:15:00 GMT

read more

CVE-2025-49141 - HAX CMS PHP OS Command Injection

CVE ID : CVE-2025-49141
Published : June 9, 2025, 9:15 p.m. | 2 hours, 44 minutes ago
Description : HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.3, the `gitImportSite` functionality obtains a URL string from a POST request and insufficiently validates user input. The `set_remote` function later passes this input into `proc_open`, yielding OS command injection. An authenticated attacker can craft a URL string that bypasses the validation checks employed by the `filter_var` and `strpos` functions in order to execute arbitrary OS commands on the backend server. The attacker can exfiltrate command output via an HTTP request. Version 11.0.3 contains a patch for the issue.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 21:15:00 GMT

read more

CVE-2025-5896 - Tarojs Taro Inefficient Regular Expression Complexity Remote Vulnerability

CVE ID : CVE-2025-5896
Published : June 9, 2025, 9:15 p.m. | 2 hours, 44 minutes ago
Description : A vulnerability was found in tarojs taro up to 4.1.1. It has been declared as problematic. This vulnerability affects unknown code of the file taro/packages/css-to-react-native/src/index.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. Upgrading to version 4.1.2 is able to address this issue. The name of the patch is c2e321a8b6fc873427c466c69f41ed0b5e8814bf. It is recommended to upgrade the affected component.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 21:15:00 GMT

read more

CVE-2025-5897 - Vue.js Vue-CLI Regular Expression Complexity Vulnerability

CVE ID : CVE-2025-5897
Published : June 9, 2025, 9:15 p.m. | 2 hours, 44 minutes ago
Description : A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 21:15:00 GMT

read more

CVE-2025-5892 - RocketChat Regular Expression Complexity Vulnerability

CVE ID : CVE-2025-5892
Published : June 9, 2025, 8:15 p.m. | 3 hours, 44 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in RocketChat up to 7.6.1. This issue affects the function parseMessage of the file /apps/meteor/app/irc/server/servers/RFC2813/parseMessage.js. The manipulation of the argument line leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 20:15:00 GMT

read more

CVE-2025-5895 - Metabase Regular Expression Complexity Remote Vulnerability

CVE ID : CVE-2025-5895
Published : June 9, 2025, 8:15 p.m. | 3 hours, 44 minutes ago
Description : A vulnerability was found in Metabase 54.10. It has been classified as problematic. This affects the function parseDataUri of the file frontend/src/metabase/lib/dom.js. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The patch is named 4454ebbdc7719016bf80ca0f34859ce5cee9f6b0. It is recommended to apply a patch to fix this issue.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 20:15:00 GMT

read more

CVE-2025-5914 - Libarchive RAR Double-Free Vulnerability

CVE ID : CVE-2025-5914
Published : June 9, 2025, 8:15 p.m. | 3 hours, 44 minutes ago
Description : A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
Severity: 3.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 20:15:00 GMT

read more

CVE-2025-5915 - Apache libarchive Heap Buffer Over-Read Vulnerability

CVE ID : CVE-2025-5915
Published : June 9, 2025, 8:15 p.m. | 3 hours, 44 minutes ago
Description : A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.
Severity: 3.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 20:15:00 GMT

read more

CVE-2025-5916 - Libarchive WARC Archive Integer Overflow Vulnerability

CVE ID : CVE-2025-5916
Published : June 9, 2025, 8:15 p.m. | 3 hours, 44 minutes ago
Description : A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive.
Severity: 3.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 20:15:00 GMT

read more

CVE-2025-5917 - Apache Libarchive Write Overflow Vulnerability

CVE ID : CVE-2025-5917
Published : June 9, 2025, 8:15 p.m. | 3 hours, 44 minutes ago
Description : A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation.
Severity: 2.8 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 20:15:00 GMT

read more

CVE-2025-5918 - Libarchive bsdtar Out-of-Bounds Read Vulnerability

CVE ID : CVE-2025-5918
Published : June 9, 2025, 8:15 p.m. | 3 hours, 44 minutes ago
Description : A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.
Severity: 3.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 20:15:00 GMT

read more

Publication de la 4e édition de l’Observatoire des métiers 2025

Publication de la 4e édition de l’Observatoire des métiers 2025

anssiadm
À l’occasion de la publication de la quatrième édition de l’Observatoire des métiers, le Centre de Formation à la Sécurité des Systèmes d’Information (CFSSI) de l’ANSSI, en partenariat avec l’AFPA et la DGEFP, fait le point sur les évolutions du marché de l’emploi dans le domaine de la cybersécurité, au cours des cinq dernières années.

Face à une menace cyber toujours plus présente, les différents acteurs du secteur public et privé se doivent de mettre en place des stratégies efficaces pour se protéger. À l’heure où le recrutement de spécialistes en matière de sécurité des systèmes d’information apparaît, de fait, essentiel, l’analyse du marché du travail réalisée dans cette 4e édition de l’Observatoire des métiers démontre que le nombre d’offres d’emploi disponibles a considérablement augmenté dans ce secteur.

Seulement, les employeurs continuent à rencontrer de grandes difficultés pour trouver des candidats, et ce, malgré le développement de nombreuses offres de formations pour répondre aux besoins du marché.

Le rôle de l’Observatoire des métiers

Afin de comprendre les raisons réelles de cette pénurie et d’identifier les leviers les plus pertinents qui pourraient permettre aux politiques publiques de lancer des initiatives capables de résoudre la situation, l’ANSSI, la Délégation générale à l’Emploi et à la Formation professionnelle (DGEFP) et l’Agence nationale pour la formation professionnelle des adultes (Afpa), recensent et collectent des indicateurs concernant les formations en cybersécurité ainsi que les offres d’emploi dans ce domaine, depuis 2021, via l’Observatoire des métiers.

Les résultats de l’enquête 2025 réalisée auprès des professionnels de la cybersécurité

En 2025, l’Observatoire des métiers a reconduit l’enquête menée en 2021 auprès des professionnels de la cybersécurité afin de réaliser une photographie générale de la population composant l’écosystème cyber français. L’objectif étant de mieux connaître certaines de leurs caractéristiques : parcours, profils, cadres d’exercices des missions et perspectives d’évolutions.

Quelques chiffres clés

  • 1 répondant sur 2 travaille dans une structure de 1 000 salariés ou plus et 66 % des répondants travaillent dans le secteur privé.
  • Une large majorité d’hommes, soit 85 % des répondants, composent l’écosystème cyber français.
  • Pour la moitié des répondants, la cybersécurité ne constitue pas leur domaine d’expertise d’origine. En effet, 40 % des répondants ont principalement exercé dans le domaine de l’informatique/ numérique et 12 % ont principalement exercé dans un autre domaine.

Les résultats de l’étude 2025 menée sur le marché du travail des professionnels de la cybersécurité

Cette seconde enquête, réalisée à partir d’un un outil d’agrégation, a permis de quantifier et d’analyser plus de 23 000 offres d’emploi publiées entre juin 2023 et juin 2024, dans le domaine de la cybersécurité, en France. L’objectif ? Identifier les grandes tendances du marché, notamment les types d’offres, le niveau de qualifications attendu ou encore la localisation des offres.

Quelques chiffres clés

  • Une augmentation de 49 % du nombres d’offres d’emploi s’est opérée entre 2019 et 2024.
  • Une large majorité des offres concernent des contrats à durée indéterminée.
  • Le niveau de qualification reste élevé avec 40 % des offres qui requièrent un niveau Bac+5.

Mon, 09 Jun 2025 19:56:00 GMT

read more

CVE-2025-5889 - "Julian Gruber Brace-Expansion Regular Expression Complexity Remote Vulnerability"

CVE ID : CVE-2025-5889
Published : June 9, 2025, 7:15 p.m. | 3 hours, 56 minutes ago
Description : A vulnerability was found in juliangruber brace-expansion up to 1.1.11. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is a5b98a4f30d7813266b221435e1eaaf25a1b0ac5. It is recommended to apply a patch to fix this issue.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 19:15:00 GMT

read more

CVE-2025-5890 - Actions Toolkit Glob Regular Expression Complexity Vulnerability

CVE ID : CVE-2025-5890
Published : June 9, 2025, 7:15 p.m. | 3 hours, 56 minutes ago
Description : A vulnerability classified as problematic has been found in actions toolkit 0.5.0. This affects the function globEscape of the file toolkit/packages/glob/src/internal-pattern.ts of the component glob. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack remotely.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 19:15:00 GMT

read more

CVE-2025-5891 - Unitech pm2 Regular Expression Complexity Vulnerability

CVE ID : CVE-2025-5891
Published : June 9, 2025, 7:15 p.m. | 3 hours, 56 minutes ago
Description : A vulnerability classified as problematic was found in Unitech pm2 up to 6.0.6. This vulnerability affects unknown code of the file /lib/tools/Config.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 19:15:00 GMT

read more

CVE-2025-49652 - Lablup BackendAI Missing Authentication Vulnerability

CVE ID : CVE-2025-49652
Published : June 9, 2025, 6:15 p.m. | 4 hours, 56 minutes ago
Description : Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 18:15:00 GMT

read more

CVE-2025-49653 - Lablup BackendAI Sensitive Data Exposure

CVE ID : CVE-2025-49653
Published : June 9, 2025, 6:15 p.m. | 4 hours, 56 minutes ago
Description : Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 18:15:00 GMT

read more

CVE-2025-5888 - jsnjfz WebStack-Guns Cross-Site Request Forgery Vulnerability

CVE ID : CVE-2025-5888
Published : June 9, 2025, 6:15 p.m. | 4 hours, 56 minutes ago
Description : A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 18:15:00 GMT

read more

CVE-2024-47081 - Requests .netrc Credential Leakage Vulnerability

CVE ID : CVE-2024-47081
Published : June 9, 2025, 6:15 p.m. | 3 hours, 57 minutes ago
Description : Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 18:15:00 GMT

read more

CVE-2025-49651 - Lablup BackendAI Unauthenticated Session Hijacking

CVE ID : CVE-2025-49651
Published : June 9, 2025, 6:15 p.m. | 3 hours, 57 minutes ago
Description : Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 18:15:00 GMT

read more

CVE-2025-46041 - Anchor CMS Stored XSS

CVE ID : CVE-2025-46041
Published : June 9, 2025, 5:15 p.m. | 4 hours, 57 minutes ago
Description : A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface (/admin/pages/add).
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 17:15:00 GMT

read more

CVE-2025-49136 - Listmonk Environment Variable Information Disclosure

CVE ID : CVE-2025-49136
Published : June 9, 2025, 5:15 p.m. | 4 hours, 57 minutes ago
Description : listmonk is a standalone, self-hosted, newsletter and mailing list manager. Starting in version 4.0.0 and prior to version 5.0.2, the `env` and `expandenv` template functions which is enabled by default in Sprig enables capturing of env variables on host. While this may not be a problem on single-user (super admin) installations, on multi-user installations, this allows non-super-admin users with campaign or template permissions to use the `{{ env }}` template expression to capture sensitive environment variables. Users should upgrade to v5.0.2 to mitigate the issue.
Severity: 9.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 17:15:00 GMT

read more

CVE-2025-5887 - jsnjfz WebStack-Guns Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5887
Published : June 9, 2025, 5:15 p.m. | 4 hours, 57 minutes ago
Description : A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been classified as problematic. Affected is an unknown function of the file UserMgrController.java of the component File Upload. The manipulation of the argument File leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 17:15:00 GMT

read more

CVE-2024-46452 - VigyBag Host Header Injection Vulnerability

CVE ID : CVE-2024-46452
Published : June 9, 2025, 5:15 p.m. | 3 hours, 42 minutes ago
Description : A Host Header injection vulnerability in the password reset function of VigyBag Open Source Online Shop commit 3f0e21b allows attackers to redirect victim users to a malicious site via a crafted URL.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 17:15:00 GMT

read more

CVE-2025-29627 - KeeperChat Biometric Authentication Module Privilege Escalation Vulnerability

CVE ID : CVE-2025-29627
Published : June 9, 2025, 5:15 p.m. | 3 hours, 42 minutes ago
Description : An issue in KeeperChat IOS Application v.5.8.8 allows a physically proximate attacker to escalate privileges via the Biometric Authentication Module
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 17:15:00 GMT

read more

CVE-2025-45001 - React Native Keys Information Disclosure

CVE ID : CVE-2025-45001
Published : June 9, 2025, 5:15 p.m. | 3 hours, 42 minutes ago
Description : react-native-keys 0.7.11 is vulnerable to sensitive information disclosure (remote) as encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basic static analysis tools.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 17:15:00 GMT

read more

CVE-2025-45002 - Vigybag Cross Site Scripting (XSS)

CVE ID : CVE-2025-45002
Published : June 9, 2025, 5:15 p.m. | 3 hours, 42 minutes ago
Description : Vigybag v1.0 and before is vulnerable to Cross Site Scripting (XSS) via the upload profile picture function under my profile.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 17:15:00 GMT

read more

CVE-2025-49296 - Mikado-Themes GrandPrix Path Traversal PHP Local File Inclusion Vulnerability

CVE ID : CVE-2025-49296
Published : June 9, 2025, 4:15 p.m. | 4 hours, 42 minutes ago
Description : Path Traversal vulnerability in Mikado-Themes GrandPrix allows PHP Local File Inclusion. This issue affects GrandPrix: from n/a through 1.6.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-49297 - Mikado-Themes Grill and Chow PHP Local File Inclusion Vulnerability

CVE ID : CVE-2025-49297
Published : June 9, 2025, 4:15 p.m. | 4 hours, 42 minutes ago
Description : Path Traversal vulnerability in Mikado-Themes Grill and Chow allows PHP Local File Inclusion. This issue affects Grill and Chow: from n/a through 1.6.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-5886 - Emlog Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5886
Published : June 9, 2025, 4:15 p.m. | 4 hours, 42 minutes ago
Description : A vulnerability was found in Emlog up to 2.5.7 and classified as problematic. This issue affects some unknown processing of the file /admin/article.php. The manipulation of the argument active_post leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-49277 - Unfoldwp Blogprise PHP Remote File Inclusion Vulnerability

CVE ID : CVE-2025-49277
Published : June 9, 2025, 4:15 p.m. | 3 hours, 35 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Blogprise allows PHP Local File Inclusion. This issue affects Blogprise: from n/a through 1.0.9.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-49278 - Blogty PHP RFI Vulnerability

CVE ID : CVE-2025-49278
Published : June 9, 2025, 4:15 p.m. | 3 hours, 35 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Blogty allows PHP Local File Inclusion. This issue affects Blogty: from n/a through 1.0.11.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-49279 - Unfoldwp Blogvy PHP Remote File Inclusion

CVE ID : CVE-2025-49279
Published : June 9, 2025, 4:15 p.m. | 3 hours, 35 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Blogvy allows PHP Local File Inclusion. This issue affects Blogvy: from n/a through 1.0.7.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-49280 - Magty PHP RFI Vulnerability

CVE ID : CVE-2025-49280
Published : June 9, 2025, 4:15 p.m. | 3 hours, 35 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Magty allows PHP Local File Inclusion. This issue affects Magty: from n/a through 1.0.6.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-49281 - Magways PHP Remote File Inclusion Vulnerability

CVE ID : CVE-2025-49281
Published : June 9, 2025, 4:15 p.m. | 3 hours, 35 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Magways allows PHP Local File Inclusion. This issue affects Magways: from n/a through 1.2.1.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-49282 - Unfoldwp Magze PHP Remote File Inclusion

CVE ID : CVE-2025-49282
Published : June 9, 2025, 4:15 p.m. | 3 hours, 35 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Magze allows PHP Local File Inclusion. This issue affects Magze: from n/a through 1.0.9.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-49295 - Mikado-Themes MediClinic Path Traversal PHP Local File Inclusion

CVE ID : CVE-2025-49295
Published : June 9, 2025, 4:15 p.m. | 3 hours, 35 minutes ago
Description : Path Traversal vulnerability in Mikado-Themes MediClinic allows PHP Local File Inclusion. This issue affects MediClinic: from n/a through 2.1.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-49265 - WP Swings Membership For WooCommerce Missing Authorization

CVE ID : CVE-2025-49265
Published : June 9, 2025, 4:15 p.m. | 2 hours, 55 minutes ago
Description : Missing Authorization vulnerability in WP Swings Membership For WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Membership For WooCommerce: from n/a through 2.8.1.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-49275 - Blogbyte PHP Remote File Inclusion Vulnerability

CVE ID : CVE-2025-49275
Published : June 9, 2025, 4:15 p.m. | 2 hours, 55 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Blogbyte allows PHP Local File Inclusion. This issue affects Blogbyte: from n/a through 1.1.1.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-49276 - Unfoldwp Blogmine PHP Remote File Inclusion Vulnerability

CVE ID : CVE-2025-49276
Published : June 9, 2025, 4:15 p.m. | 2 hours, 55 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Blogmine allows PHP Local File Inclusion. This issue affects Blogmine: from n/a through 1.1.7.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-48126 - g5theme Essential Real Estate PHP Remote File Inclusion Vulnerability

CVE ID : CVE-2025-48126
Published : June 9, 2025, 4:15 p.m. | 41 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate allows PHP Local File Inclusion. This issue affects Essential Real Estate: from n/a through 5.2.1.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-48129 - Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light Privilege Escalation Vulnerability

CVE ID : CVE-2025-48129
Published : June 9, 2025, 4:15 p.m. | 41 minutes ago
Description : Incorrect Privilege Assignment vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light allows Privilege Escalation. This issue affects Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light: from n/a through 2.4.37.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-48130 - Spice Blocks Path Traversal Vulnerability

CVE ID : CVE-2025-48130
Published : June 9, 2025, 4:15 p.m. | 41 minutes ago
Description : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spicethemes Spice Blocks allows Path Traversal. This issue affects Spice Blocks: from n/a through 2.0.7.2.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-48139 - StyleAI Missing Authorization Vulnerability

CVE ID : CVE-2025-48139
Published : June 9, 2025, 4:15 p.m. | 41 minutes ago
Description : Missing Authorization vulnerability in relentlo StyleAI allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects StyleAI: from n/a through 1.0.4.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-48140 - MetalpriceAPI Code Injection Vulnerability

CVE ID : CVE-2025-48140
Published : June 9, 2025, 4:15 p.m. | 41 minutes ago
Description : Improper Control of Generation of Code ('Code Injection') vulnerability in metalpriceapi MetalpriceAPI allows Code Injection. This issue affects MetalpriceAPI: from n/a through 1.1.4.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-48141 - Alex Zaytseff Multi CryptoCurrency Payments SQL Injection

CVE ID : CVE-2025-48141
Published : June 9, 2025, 4:15 p.m. | 41 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alex Zaytseff Multi CryptoCurrency Payments allows SQL Injection. This issue affects Multi CryptoCurrency Payments: from n/a through 2.0.3.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-48143 - SalesUp! Cross-site Scripting (XSS)

CVE ID : CVE-2025-48143
Published : June 9, 2025, 4:15 p.m. | 41 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in salesup2019 Formulario de contacto SalesUp! allows Reflected XSS. This issue affects Formulario de contacto SalesUp!: from n/a through 1.0.14.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-48147 - CryptoCloud Crypto Payment Gateway Missing Authorization Vulnerability

CVE ID : CVE-2025-48147
Published : June 9, 2025, 4:15 p.m. | 41 minutes ago
Description : Missing Authorization vulnerability in Crypto Cloud CryptoCloud - Crypto Payment Gateway allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CryptoCloud - Crypto Payment Gateway: from n/a through 2.1.2.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-48261 - MultiVendorX Sensitive Data Injection Vulnerability

CVE ID : CVE-2025-48261
Published : June 9, 2025, 4:15 p.m. | 41 minutes ago
Description : Insertion of Sensitive Information Into Sent Data vulnerability in MultiVendorX MultiVendorX allows Retrieve Embedded Sensitive Data. This issue affects MultiVendorX: from n/a through 4.2.22.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-48267 - ThimPress WP Pipes Path Traversal Vulnerability

CVE ID : CVE-2025-48267
Published : June 9, 2025, 4:15 p.m. | 41 minutes ago
Description : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThimPress WP Pipes allows Path Traversal. This issue affects WP Pipes: from n/a through 1.4.2.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-48279 - WC MyParcel Belgium Cross-site Scripting (XSS)

CVE ID : CVE-2025-48279
Published : June 9, 2025, 4:15 p.m. | 41 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Richard Perdaan WC MyParcel Belgium allows Reflected XSS. This issue affects WC MyParcel Belgium: from 4.5.5 through beta.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-48281 - MyStyle Custom Product Designer SQL Injection

CVE ID : CVE-2025-48281
Published : June 9, 2025, 4:15 p.m. | 41 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mystyleplatform MyStyle Custom Product Designer allows Blind SQL Injection. This issue affects MyStyle Custom Product Designer: from n/a through 3.21.1.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-5884 - Konica Minolta bizhub Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5884
Published : June 9, 2025, 3:15 p.m. | 57 minutes ago
Description : A vulnerability, which was classified as problematic, was found in Konica Minolta bizhub up to 20250202. This affects an unknown part of the component Display MFP Information List. The manipulation of the argument Model Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 15:15:00 GMT

read more

CVE-2025-5885 - Konica Minolta bizhub Cross-Site Request Forgery Vulnerability

CVE ID : CVE-2025-5885
Published : June 9, 2025, 3:15 p.m. | 57 minutes ago
Description : A vulnerability has been found in Konica Minolta bizhub up to 20250202 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 15:15:00 GMT

read more

CVE-2025-5880 - Whistle Path Traversal Vulnerability

CVE ID : CVE-2025-5880
Published : June 9, 2025, 2:15 p.m. | 1 hour, 57 minutes ago
Description : A vulnerability has been found in Whistle 2.9.98 and classified as problematic. This vulnerability affects unknown code of the file /cgi-bin/sessions/get-temp-file. The manipulation of the argument filename leads to path traversal. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 14:15:00 GMT

read more

CVE-2025-5881 - Code-projects Chat System SQL Injection Vulnerability

CVE ID : CVE-2025-5881
Published : June 9, 2025, 2:15 p.m. | 1 hour, 57 minutes ago
Description : A vulnerability was found in code-projects Chat System up to 1.0 and classified as critical. This issue affects some unknown processing of the file /user/confirm_password.php. The manipulation of the argument cid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 14:15:00 GMT

read more

CVE-2025-40668 - TCMAN GIM Authentication Bypass

CVE ID : CVE-2025-40668
Published : June 9, 2025, 1:15 p.m. | 2 hours, 57 minutes ago
Description : Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an attacker, with low privilege level, to change the password of other users through a POST request using the parameters idUser, PasswordActual, PasswordNew and PasswordNewRepeat in /PC/WebService.aspx/validateChangePassword%C3%B1a. To exploit the vulnerability the PasswordActual parameter must be empty.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 13:15:00 GMT

read more

CVE-2025-40669 - TCMAN GIM Authorization Bypass

CVE ID : CVE-2025-40669
Published : June 9, 2025, 1:15 p.m. | 2 hours, 57 minutes ago
Description : Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an unprivileged attacker to modify the permissions held by each of the application's users, including the user himself by sending a POST request to /PC/Options.aspx?Command=2&Page=-1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 13:15:00 GMT

read more

CVE-2025-40670 - TCMAN GIM Privilege Escalation Vulnerability

CVE ID : CVE-2025-40670
Published : June 9, 2025, 1:15 p.m. | 2 hours, 57 minutes ago
Description : Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an unprivileged attacker to create a user and assign it many privileges by sending a POST request to /PC/frmGestionUser.aspx/updateUser.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 13:15:00 GMT

read more

CVE-2025-48053 - Discourse Bot URL Availability Denial

CVE ID : CVE-2025-48053
Published : June 9, 2025, 1:15 p.m. | 2 hours, 57 minutes ago
Description : Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch, sending a malicious URL in a PM to a bot user can cause a reduced the availability of a Discourse instance. This issue is patched in version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch. No known workarounds are available.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 13:15:00 GMT

read more

CVE-2025-48062 - Discourse HTML Injection Vulnerability

CVE ID : CVE-2025-48062
Published : June 9, 2025, 1:15 p.m. | 2 hours, 57 minutes ago
Description : Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch, certain invites via email may result in HTML injection in the email body if the topic title includes HTML. This includes inviting someone (without an account) to a PM and inviting someone (without an account) to a topic with a custom message. This issue is patched in version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch. This can be worked around if the relevant templates are overridden without `{topic_title}`.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 13:15:00 GMT

read more

CVE-2025-48877 - Discourse Codepen Unintended JS Execution Vulnerability

CVE ID : CVE-2025-48877
Published : June 9, 2025, 1:15 p.m. | 2 hours, 57 minutes ago
Description : Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch, Codepen is present in the default `allowed_iframes` site setting, and it can potentially auto-run arbitrary JS in the iframe scope, which is unintended. This issue is patched in version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch. As a workaround, the Codepen prefix can be removed from a site's `allowed_iframes`.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 13:15:00 GMT

read more

CVE-2025-49006 - Keycloak Wasp OAuth Authentication ID Case Sensitivity Vulnerability

CVE ID : CVE-2025-49006
Published : June 9, 2025, 1:15 p.m. | 2 hours, 57 minutes ago
Description : Wasp (Web Application Specification) is a Rails-like framework for React, Node.js, and Prisma. Prior to version 0.16.6, Wasp authentication has a vulnerability in the OAuth authentication implementation (affecting only Keycloak with a specific config). Wasp currently lowercases OAuth user IDs before storing / fetching them. This behavior violates OAuth and OpenID Connect specifications and can result in user impersonation, account collisions, and privilege escalation. In practice, out of the OAuth providers that Wasp auth supports, only Keycloak is affected. Keycloak uses a lowercase UUID by default, but users can configure it to be case sensitive, making it affected. Google, GitHub, and Discord use numerical IDs, making them not affected. Users should update their Wasp version to `0.16.6` which has a fix for the problematic behavior. Users using Keycloak can work around the issue by not using a case sensitive user ID in their realm configuration.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 13:15:00 GMT

read more

CVE-2025-49013 - WilderForge GitHub Actions Shell Code Injection Vulnerability

CVE ID : CVE-2025-49013
Published : June 9, 2025, 1:15 p.m. | 2 hours, 57 minutes ago
Description : WilderForge is a Wildermyth coremodding API. A critical vulnerability has been identified in multiple projects across the WilderForge organization. The issue arises from unsafe usage of `${{ github.event.review.body }}` and other user controlled variables directly inside shell script contexts in GitHub Actions workflows. This introduces a code injection vulnerability: a malicious actor submitting a crafted pull request review containing shell metacharacters or commands could execute arbitrary shell code on the GitHub Actions runner. This can lead to arbitrary command execution with the permissions of the workflow, potentially compromising CI infrastructure, secrets, and build outputs. Developers who maintain or contribute to the repos WilderForge/WilderForge, WilderForge/ExampleMod, WilderForge/WilderWorkspace, WilderForge/WildermythGameProvider, WilderForge/AutoSplitter, WilderForge/SpASM, WilderForge/thrixlvault, WilderForge/MassHash, and/or WilderForge/DLC_Disabler; as well as users who fork any of the above repositories and reuse affected GitHub Actions workflows, are affected. End users of any the above software and users who only install pre-built releases or artifacts are not affected. This vulnerability does not impact runtime behavior of the software or compiled outputs unless those outputs were produced during exploitation of this vulnerability. A current workaround is to disable GitHub Actions in affected repositories, or remove the affected workflows.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 13:15:00 GMT

read more

CVE-2025-49130 - Laravel Translation Manager Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-49130
Published : June 9, 2025, 1:15 p.m. | 2 hours, 57 minutes ago
Description : Laravel Translation Manager is a package to manage Laravel translation files. Prior to version 0.6.8, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data. An attacker can inject arbitrary HTML code, including JavaScript scripts, into the page processed by the user's browser, allowing them to steal sensitive data, hijack user sessions, or conduct other malicious activities. Only authenticated users with access to the translation manager are impacted. The issue is fixed in version 0.6.8.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 13:15:00 GMT

read more

CVE-2025-49131 - FastGPT Sandbox Syscall Escalation Vulnerability

CVE ID : CVE-2025-49131
Published : June 9, 2025, 1:15 p.m. | 2 hours, 57 minutes ago
Description : FastGPT is an open-source project that provides a platform for building, deploying, and operating AI-driven workflows and conversational agents. The Sandbox container (fastgpt-sandbox) is a specialized, isolated environment used by FastGPT to safely execute user-submitted or dynamically generated code in isolation. The sandbox before version 4.9.11 has insufficient isolation and inadequate restrictions on code execution by allowing overly permissive syscalls, which allows attackers to escape the intended sandbox boundaries. Attackers could exploit this to read and overwrite arbitrary files and bypass Python module import restrictions. This is patched in version 4.9.11 by restricting the allowed system calls to a safer subset and additional descriptive error messaging.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 13:15:00 GMT

read more

CVE-2025-5877 - Fengoffice XML External Entity Reference Vulnerability

CVE ID : CVE-2025-5877
Published : June 9, 2025, 1:15 p.m. | 2 hours, 57 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in Fengoffice Feng Office 3.2.2.1. Affected by this issue is some unknown functionality of the file /application/models/ApplicationDataObject.class.php of the component Document Upload Handler. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 13:15:00 GMT

read more

CVE-2025-5879 - WuKongOpenSource WukongCRM Remote Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5879
Published : June 9, 2025, 1:15 p.m. | 2 hours, 57 minutes ago
Description : A vulnerability, which was classified as problematic, was found in WuKongOpenSource WukongCRM 9.0. This affects an unknown part of the file AdminSysConfigController.java of the component File Upload. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 13:15:00 GMT

read more

CVE-2025-41444 - Zohocorp ManageEngine ADAudit Plus SQL Injection Vulnerability

CVE ID : CVE-2025-41444
Published : June 9, 2025, 12:15 p.m. | 3 hours, 57 minutes ago
Description : Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the alerts module.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 12:15:00 GMT

read more

CVE-2025-5875 - TP-Link TL-IPC544EP-W4 Buffer Overflow Vulnerability

CVE ID : CVE-2025-5875
Published : June 9, 2025, 12:15 p.m. | 3 hours, 57 minutes ago
Description : A vulnerability classified as critical has been found in TP-Link TL-IPC544EP-W4 1.0.9 Build 240428 Rel 69493n. Affected is the function sub_69064 of the file /bin/main. The manipulation of the argument text leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 12:15:00 GMT

read more

CVE-2025-5876 - "Lucky LM-520-SC/FSC/FSC-SAM Remote Missing Authentication Vulnerability"

CVE ID : CVE-2025-5876
Published : June 9, 2025, 12:15 p.m. | 3 hours, 57 minutes ago
Description : A vulnerability classified as problematic was found in Lucky LM-520-SC, LM-520-FSC and LM-520-FSC-SAM up to 20250321. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 12:15:00 GMT

read more

CVE-2025-27709 - Zohocorp ManageEngine ADAudit Plus SQL Injection Vulnerability

CVE ID : CVE-2025-27709
Published : June 9, 2025, 11:15 a.m. | 4 hours, 57 minutes ago
Description : Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the Service Account Auditing reports.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 11:15:00 GMT

read more

CVE-2025-36528 - Zohocorp ManageEngine ADAudit Plus SQL Injection Vulnerability

CVE ID : CVE-2025-36528
Published : June 9, 2025, 11:15 a.m. | 4 hours, 57 minutes ago
Description : Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in Service Account Auditing reports.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 11:15:00 GMT

read more

CVE-2025-3835 - Zohocorp ManageEngine Exchange Reporter Plus Remote Code Execution Vulnerability

CVE ID : CVE-2025-3835
Published : June 9, 2025, 11:15 a.m. | 4 hours, 57 minutes ago
Description : Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module.
Severity: 9.6 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 11:15:00 GMT

read more

CVE-2025-41437 - Zohocorp ManageEngine OpManager Reflected Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-41437
Published : June 9, 2025, 11:15 a.m. | 4 hours, 57 minutes ago
Description : Zohocorp ManageEngine OpManager, NetFlow Analyzer, Network Configuration Manager, Firewall Analyzer and OpUtils versions 128565 and below are vulnerable to Reflected XSS on the login page.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 11:15:00 GMT

read more

CVE-2025-5873 - eCharge Hardy Barth Salia Web UI Unrestricted File Upload Vulnerability

CVE ID : CVE-2025-5873
Published : June 9, 2025, 11:15 a.m. | 4 hours, 57 minutes ago
Description : A vulnerability was found in eCharge Hardy Barth Salia PLCC 2.2.0. It has been declared as critical. This vulnerability affects unknown code of the file /firmware.php of the component Web UI. The manipulation of the argument media leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 11:15:00 GMT

read more

CVE-2025-5874 - Redash getattr Handler Sandbox Bypass Vulnerability

CVE ID : CVE-2025-5874
Published : June 9, 2025, 11:15 a.m. | 4 hours, 57 minutes ago
Description : A vulnerability was found in Redash up to 10.1.0/25.1.0. It has been rated as critical. This issue affects the function run_query of the file /query_runner/python.py of the component getattr Handler. The manipulation leads to sandbox issue. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 11:15:00 GMT

read more

CVE-2025-5871 - Papendorf SOL Connect Center Web Interface Authentication Bypass Vulnerability

CVE ID : CVE-2025-5871
Published : June 9, 2025, 10:15 a.m. | 4 hours, 56 minutes ago
Description : A vulnerability was found in Papendorf SOL Connect Center 3.3.0.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to missing authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 10:15:00 GMT

read more

CVE-2025-5872 - eGauge EG3000 Energy Monitor Authentication Bypass Vulnerability

CVE ID : CVE-2025-5872
Published : June 9, 2025, 10:15 a.m. | 4 hours, 56 minutes ago
Description : A vulnerability was found in eGauge EG3000 Energy Monitor 3.6.3. It has been classified as problematic. This affects an unknown part of the component Setting Handler. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 10:15:00 GMT

read more

CVE-2025-40675 - "Bagisto Reflected Cross-Site Scripting (XSS)"

CVE ID : CVE-2025-40675
Published : June 9, 2025, 10:15 a.m. | 3 hours, 57 minutes ago
Description : A Reflected Cross-Site Scripting (XSS) vulnerability has been found in Bagisto v2.0.0. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the parameter 'query' in '/search'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 10:15:00 GMT

read more

CVE-2025-5870 - TRENDnet TV-IP121W Web Interface Improper Authentication Vulnerability

CVE ID : CVE-2025-5870
Published : June 9, 2025, 9:15 a.m. | 4 hours, 57 minutes ago
Description : A vulnerability has been found in TRENDnet TV-IP121W 1.1.1 Build 36 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/setup.cgi of the component Web Interface. The manipulation leads to improper authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 09:15:00 GMT

read more

CVE-2025-5869 - RT-Thread sys_recvfrom Memory Corruption Vulnerability

CVE ID : CVE-2025-5869
Published : June 9, 2025, 9:15 a.m. | 2 hours, 57 minutes ago
Description : A vulnerability, which was classified as critical, was found in RT-Thread 5.1.0. Affected is the function sys_recvfrom of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument from leads to memory corruption.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 09:15:00 GMT

read more

CVE-2025-5867 - RT-Thread Null Pointer Dereference Vulnerability

CVE ID : CVE-2025-5867
Published : June 9, 2025, 8:15 a.m. | 3 hours, 57 minutes ago
Description : A vulnerability classified as critical was found in RT-Thread 5.1.0. This vulnerability affects the function csys_sendto of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument to leads to null pointer dereference.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 08:15:00 GMT

read more

CVE-2025-5868 - RT-Thread Array Index Validation Vulnerability

CVE ID : CVE-2025-5868
Published : June 9, 2025, 8:15 a.m. | 3 hours, 57 minutes ago
Description : A vulnerability, which was classified as critical, has been found in RT-Thread 5.1.0. This issue affects the function sys_thread_sigprocmask of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument how leads to improper validation of array index.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 08:15:00 GMT

read more

CVE-2025-5894 - Honding Technology Smart Parking Management System Missing Authorization Privilege Escalation Vulnerability

CVE ID : CVE-2025-5894
Published : June 9, 2025, 8:15 a.m. | 3 hours, 57 minutes ago
Description : Smart Parking Management System from Honding Technology has a Missing Authorization vulnerability, allowing remote attackers with regular privileges to access a specific functionality to create administrator accounts, and subsequently log into the system using those accounts.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 08:15:00 GMT

read more

CVE-2025-5865 - RT-Thread Parameter Handler Memory Corruption Vulnerability

CVE ID : CVE-2025-5865
Published : June 9, 2025, 7:15 a.m. | 4 hours, 57 minutes ago
Description : A vulnerability was found in RT-Thread 5.1.0. It has been rated as critical. Affected by this issue is the function sys_select of the file rt-thread/components/lwp/lwp_syscall.c of the component Parameter Handler. The manipulation of the argument timeout leads to memory corruption. The vendor explains, that "[t]he timeout parameter should be checked to check if it can be accessed correctly in kernel mode and used temporarily in kernel memory."
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 07:15:00 GMT

read more

CVE-2025-5866 - RT-Thread Array Index Validation Vulnerability

CVE ID : CVE-2025-5866
Published : June 9, 2025, 7:15 a.m. | 4 hours, 57 minutes ago
Description : A vulnerability classified as critical has been found in RT-Thread 5.1.0. This affects the function sys_sigprocmask of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument how leads to improper validation of array index.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 07:15:00 GMT

read more

CVE-2025-5893 - Honding Technology Smart Parking Management System Sensitive Information Exposure

CVE ID : CVE-2025-5893
Published : June 9, 2025, 7:15 a.m. | 4 hours, 57 minutes ago
Description : Smart Parking Management System from Honding Technology has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access a specific page and obtain plaintext administrator credentials.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 07:15:00 GMT

read more

CVE-2025-25209 - Red Hat Connectivity Link Information Disclosure Vulnerability

CVE ID : CVE-2025-25209
Published : June 9, 2025, 6:15 a.m. | 5 hours, 57 minutes ago
Description : The AuthPolicy metadata on Red Hat Connectivity Link contains an object which stores secretes, however it assumes those secretes are already in the kuadrant-system instead of copying it to the referred namespace. This creates space for a malicious actor with a developer persona access to leak those secrets over HTTP connection, as long the attacker knows the name of the targeted secrets and those secrets are limited to one line only.
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 06:15:00 GMT

read more

CVE-2025-3581 - "Newsletter WordPress Plugin Stored Cross-Site Scripting Vulnerability"

CVE ID : CVE-2025-3581
Published : June 9, 2025, 6:15 a.m. | 5 hours, 57 minutes ago
Description : The Newsletter WordPress plugin before 8.8.5 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 06:15:00 GMT

read more

CVE-2025-3582 - WordPress Newsletter Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-3582
Published : June 9, 2025, 6:15 a.m. | 5 hours, 57 minutes ago
Description : The Newsletter WordPress plugin before 8.85 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 06:15:00 GMT

read more

CVE-2025-47711 - "nbdkit Denial-of-Service Vulnerability"

CVE ID : CVE-2025-47711
Published : June 9, 2025, 6:15 a.m. | 5 hours, 57 minutes ago
Description : There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical internal error, leading to a denial-of-service.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 06:15:00 GMT

read more

CVE-2025-47712 - "nbdkit Blocksize Filter Denial of Service Vulnerability"

CVE ID : CVE-2025-47712
Published : June 9, 2025, 6:15 a.m. | 5 hours, 57 minutes ago
Description : A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a certain limit, it causes an internal error in the nbdkit, leading to a denial of service.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 06:15:00 GMT

read more

CVE-2025-4652 - Broadstreet WordPress Reflected Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-4652
Published : June 9, 2025, 6:15 a.m. | 5 hours, 57 minutes ago
Description : The Broadstreet WordPress plugin before 1.51.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 06:15:00 GMT

read more

CVE-2025-5863 - Tenda AC5 Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-5863
Published : June 9, 2025, 6:15 a.m. | 5 hours, 57 minutes ago
Description : A vulnerability was found in Tenda AC5 15.03.06.47. It has been classified as critical. Affected is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 06:15:00 GMT

read more

CVE-2025-5864 - Tenda TDSEE App Authentication Bypass

CVE ID : CVE-2025-5864
Published : June 9, 2025, 6:15 a.m. | 5 hours, 57 minutes ago
Description : A vulnerability was found in Tenda TDSEE App up to 1.7.12. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /app/ConfirmSmsCode of the component Password Reset Confirmation Code Handler. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.7.15 is able to address this issue. It is recommended to upgrade the affected component.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 06:15:00 GMT

read more

CVE-2025-25207 - Red Hat Connectivity Link Authorino Denial of Service

CVE ID : CVE-2025-25207
Published : June 9, 2025, 6:15 a.m. | 4 hours, 23 minutes ago
Description : The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows the users with developer persona to add callbacks to be executed to HTTP endpoints once the authorization process is completed. It was found that an attacker with developer persona access can add a large number of those callbacks to be executed by Authorino and as the authentication policy is enforced by a single instance of the service, this leada to a Denial of Service in Authorino while processing the post-authorization callbacks.
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 06:15:00 GMT

read more

CVE-2025-25208 - Apache Authorino Authentication Service Denial of Service

CVE ID : CVE-2025-25208
Published : June 9, 2025, 6:15 a.m. | 4 hours, 23 minutes ago
Description : A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 06:15:00 GMT

read more

CVE-2025-5861 - Tenda AC7 Buffer Overflow in AdvSetLanip Function

CVE ID : CVE-2025-5861
Published : June 9, 2025, 5:15 a.m. | 5 hours, 23 minutes ago
Description : A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. This vulnerability affects the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 05:15:00 GMT

read more

CVE-2025-5862 - Tenda AC7 PPTP Form Set Buffer Overflow Vulnerability

CVE ID : CVE-2025-5862
Published : June 9, 2025, 5:15 a.m. | 5 hours, 23 minutes ago
Description : A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. This issue affects the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 05:15:00 GMT

read more

CVE-2025-5859 - PHPGurukul Nipah Virus Testing Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5859
Published : June 9, 2025, 4:15 a.m. | 6 hours, 22 minutes ago
Description : A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /test-details.php. The manipulation of the argument assignto leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 04:15:00 GMT

read more

CVE-2025-5860 - PHPGurukul Maid Hiring Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5860
Published : June 9, 2025, 4:15 a.m. | 6 hours, 22 minutes ago
Description : A vulnerability, which was classified as critical, was found in PHPGurukul Maid Hiring Management System 1.0. This affects an unknown part of the file /admin/search-booking-request.php. The manipulation of the argument searchdata leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 04:15:00 GMT

read more

CVE-2025-5856 - PHPGurukul BP Monitoring Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5856
Published : June 9, 2025, 3:15 a.m. | 5 hours, 55 minutes ago
Description : A vulnerability has been found in PHPGurukul BP Monitoring Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /registration.php. The manipulation of the argument emailid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 03:15:00 GMT

read more

CVE-2025-5857 - "Code-projects Patient Record Management System SQL Injection Vulnerability"

CVE ID : CVE-2025-5857
Published : June 9, 2025, 3:15 a.m. | 5 hours, 55 minutes ago
Description : A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /urinalysis_record.php. The manipulation of the argument itr_no leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 03:15:00 GMT

read more

CVE-2025-5858 - PHPGurukul Nipah Virus Testing Management System SQL Injection

CVE ID : CVE-2025-5858
Published : June 9, 2025, 3:15 a.m. | 5 hours, 55 minutes ago
Description : A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /patient-report.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 03:15:00 GMT

read more

CVE-2025-5855 - Tenda AC6 Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-5855
Published : June 9, 2025, 2:15 a.m. | 6 hours, 55 minutes ago
Description : A vulnerability, which was classified as critical, was found in Tenda AC6 15.03.05.16. This affects the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 02:15:00 GMT

read more

CVE-2025-5854 - "Tenda AC6 Buffer Overflow Vulnerability"

CVE ID : CVE-2025-5854
Published : June 9, 2025, 1:15 a.m. | 7 hours, 55 minutes ago
Description : A vulnerability, which was classified as critical, has been found in Tenda AC6 15.03.05.16. Affected by this issue is the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 01:15:00 GMT

read more

CVE-2025-5852 - Tenda AC6 PPTP Form Set User List Buffer Overflow

CVE ID : CVE-2025-5852
Published : June 9, 2025, 1:15 a.m. | 5 hours, 22 minutes ago
Description : A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16. Affected is the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 01:15:00 GMT

read more

CVE-2025-5853 - Tenda AC6 Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-5853
Published : June 9, 2025, 1:15 a.m. | 5 hours, 22 minutes ago
Description : A vulnerability classified as critical was found in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg. The manipulation of the argument remoteIp leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 01:15:00 GMT

read more

CVE-2025-5851 - Tenda AC15 HTTP POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5851
Published : June 9, 2025, 12:15 a.m. | 6 hours, 22 minutes ago
Description : A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been rated as critical. This issue affects the function fromadvsetlanip of the file /goform/AdvSetLanip of the component HTTP POST Request Handler. The manipulation of the argument lanMask leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 00:15:00 GMT

read more

CVE-2025-5849 - Tenda AC15 HTTP POST Request Handler Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-5849
Published : June 8, 2025, 11:15 p.m. | 7 hours, 22 minutes ago
Description : A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been classified as critical. This affects the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg of the component HTTP POST Request Handler. The manipulation of the argument remoteIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 23:15:00 GMT

read more

CVE-2025-5850 - Tenda AC15 HTTP POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5850
Published : June 8, 2025, 11:15 p.m. | 7 hours, 22 minutes ago
Description : A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been declared as critical. This vulnerability affects the function formsetschedled of the file /goform/SetLEDCf of the component HTTP POST Request Handler. The manipulation of the argument Time leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 23:15:00 GMT

read more

CVE-2025-5848 - Tenda AC15 PPTP Buffer Overflow Vulnerability

CVE ID : CVE-2025-5848
Published : June 8, 2025, 10:15 p.m. | 8 hours, 22 minutes ago
Description : A vulnerability was found in Tenda AC15 15.03.05.19_multi and classified as critical. Affected by this issue is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. The manipulation of the argument list leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 22:15:00 GMT

read more

CVE-2025-35004 - Microhard BulletLTE-NA2 and IPn4Gii-NA2 Command Injection Vulnerability

CVE ID : CVE-2025-35004
Published : June 8, 2025, 9:15 p.m. | 8 hours, 57 minutes ago
Description : Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFIP command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record's first publishing.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 21:15:00 GMT

read more

CVE-2025-35005 - Microhard BulletLTE-NA2 and IPn4Gii-NA2 AT+MFMAC Command Injection Vulnerability

CVE ID : CVE-2025-35005
Published : June 8, 2025, 9:15 p.m. | 8 hours, 57 minutes ago
Description : Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFMAC command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record's first publishing.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 21:15:00 GMT

read more

CVE-2025-35006 - Microhard BulletLTE-NA2 and IPn4Gii-NA2 Command Injection Vulnerability

CVE ID : CVE-2025-35006
Published : June 8, 2025, 9:15 p.m. | 8 hours, 57 minutes ago
Description : Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFPORTFWD command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record's first publishing.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 21:15:00 GMT

read more

CVE-2025-35007 - Microhard BulletLTE-NA2/IPn4Gii-NA2 Command Injection Vulnerability

CVE ID : CVE-2025-35007
Published : June 8, 2025, 9:15 p.m. | 8 hours, 57 minutes ago
Description : Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFRULE command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record's first publishing.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 21:15:00 GMT

read more

CVE-2025-35008 - Microhard BulletLTE-NA2/IPn4Gii-NA2 Command Injection Vulnerability

CVE ID : CVE-2025-35008
Published : June 8, 2025, 9:15 p.m. | 8 hours, 57 minutes ago
Description : Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MMNAME command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record's first publishing.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 21:15:00 GMT

read more

CVE-2025-35009 - Microhard BulletLTE-NA2 and IPn4Gii-NA2 Post-Auth Command Injection Vulnerability

CVE ID : CVE-2025-35009
Published : June 8, 2025, 9:15 p.m. | 8 hours, 57 minutes ago
Description : Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MNNETSP command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record's first publishing.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 21:15:00 GMT

read more

CVE-2025-35010 - Microhard BulletLTE-NA2 and IPn4Gii-NA2 Command Injection Vulnerability

CVE ID : CVE-2025-35010
Published : June 8, 2025, 9:15 p.m. | 8 hours, 57 minutes ago
Description : Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MNPINGTM command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record's first publishing.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 21:15:00 GMT

read more

CVE-2025-3459 - Quantenna Wi-Fi Command Injection Vulnerability

CVE ID : CVE-2025-3459
Published : June 8, 2025, 9:15 p.m. | 8 hours, 57 minutes ago
Description : The Quantenna Wi-Fi chipset ships with a local control script, transmit_file, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 ( CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) . This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 21:15:00 GMT

read more

CVE-2025-3460 - Quantenna Wi-Fi Command Injection Vulnerability

CVE ID : CVE-2025-3460
Published : June 8, 2025, 9:15 p.m. | 8 hours, 57 minutes ago
Description : The Quantenna Wi-Fi chipset ships with a local control script, set_tx_pow, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 ( CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) . This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 21:15:00 GMT

read more

CVE-2025-3461 - Quantenna Wi-Fi Missing Authentication for Critical Function

CVE ID : CVE-2025-3461
Published : June 8, 2025, 9:15 p.m. | 8 hours, 57 minutes ago
Description : The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an instance of CWE-306, "Missing Authentication for Critical Function," and is estimated as a CVSS 9.1 ( CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) . This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 21:15:00 GMT

read more

CVE-2025-32458 - Quantenna Wi-Fi Chipset Command Injection Vulnerability

CVE ID : CVE-2025-32458
Published : June 8, 2025, 9:15 p.m. | 7 hours, 22 minutes ago
Description : The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_syslog_from_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 ( CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) . This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 21:15:00 GMT

read more

CVE-2025-32459 - Quantenna Wi-Fi Command Injection Vulnerability

CVE ID : CVE-2025-32459
Published : June 8, 2025, 9:15 p.m. | 7 hours, 22 minutes ago
Description : The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the sync_time argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 ( CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) . This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 21:15:00 GMT

read more

CVE-2025-32456 - Quantenna Wi-Fi Command Injection Vulnerability

CVE ID : CVE-2025-32456
Published : June 8, 2025, 9:15 p.m. | 6 hours, 52 minutes ago
Description : The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the put_file_to_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 ( CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) . This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 21:15:00 GMT

read more

CVE-2025-32457 - Quantenna Wi-Fi Chipset Command Injection Vulnerability

CVE ID : CVE-2025-32457
Published : June 8, 2025, 9:15 p.m. | 6 hours, 52 minutes ago
Description : The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_file_from_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 ( CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) . This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 21:15:00 GMT

read more

CVE-2025-32455 - Quantenna Wi-Fi Command Injection Vulnerability

CVE ID : CVE-2025-32455
Published : June 8, 2025, 9:15 p.m. | 5 hours, 41 minutes ago
Description : The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the run_cmd argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 ( CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) . This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 21:15:00 GMT

read more

CVE-2025-5847 - Tenda AC9 Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-5847
Published : June 8, 2025, 2:15 p.m. | 12 hours, 41 minutes ago
Description : A vulnerability has been found in Tenda AC9 15.03.02.13 and classified as critical. Affected by this vulnerability is the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg of the component HTTP POST Request Handler. The manipulation of the argument remoteIp leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 14:15:00 GMT

read more

CVE-2025-27563 - OpenHarmony Permission Leak

CVE ID : CVE-2025-27563
Published : June 8, 2025, 12:15 p.m. | 14 hours, 41 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 12:15:00 GMT

read more

CVE-2025-26691 - OpenHarmony Information Leak

CVE ID : CVE-2025-26691
Published : June 8, 2025, 12:15 p.m. | 11 hours, 34 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 12:15:00 GMT

read more

CVE-2025-26693 - OpenHarmony File Access Information Leak

CVE ID : CVE-2025-26693
Published : June 8, 2025, 12:15 p.m. | 11 hours, 34 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 12:15:00 GMT

read more

CVE-2025-27131 - OpenHarmony Denial of Service Vulnerability

CVE ID : CVE-2025-27131
Published : June 8, 2025, 12:15 p.m. | 11 hours, 34 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 12:15:00 GMT

read more

CVE-2025-27242 - OpenHarmony Denial of Service Vulnerability

CVE ID : CVE-2025-27242
Published : June 8, 2025, 12:15 p.m. | 11 hours, 34 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 12:15:00 GMT

read more

CVE-2025-27247 - OpenHarmony Information Leak Vulnerability

CVE ID : CVE-2025-27247
Published : June 8, 2025, 12:15 p.m. | 11 hours, 34 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 12:15:00 GMT

read more

CVE-2025-23235 - OpenHarmony Out-of-Bounds Read Denial of Service

CVE ID : CVE-2025-23235
Published : June 8, 2025, 12:15 p.m. | 9 hours, 45 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through out-of-bounds read.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 12:15:00 GMT

read more

CVE-2025-24493 - OpenHarmony race condition information leak vulnerability

CVE ID : CVE-2025-24493
Published : June 8, 2025, 12:15 p.m. | 9 hours, 45 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through race condition.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 12:15:00 GMT

read more

CVE-2025-25217 - Apache OpenHarmony NULL Pointer Dereference DOS

CVE ID : CVE-2025-25217
Published : June 8, 2025, 12:15 p.m. | 9 hours, 45 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 12:15:00 GMT

read more

CVE-2025-20063 - OpenHarmony JavaScript Engine Type Confusion Vulnerability

CVE ID : CVE-2025-20063
Published : June 8, 2025, 12:15 p.m. | 8 hours, 41 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker cause apps crash through type confusion.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 12:15:00 GMT

read more

CVE-2025-21082 - OpenHarmony Type Confusion Vulnerability

CVE ID : CVE-2025-21082
Published : June 8, 2025, 12:15 p.m. | 8 hours, 41 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker cause apps crash through type confusion.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 12:15:00 GMT

read more

CVE-2025-38003 - BCM Linux Kernel Use-After-Free (UAF) Vulnerability

CVE ID : CVE-2025-38003
Published : June 8, 2025, 11:15 a.m. | 9 hours, 41 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: can: bcm: add missing rcu read protection for procfs content When the procfs content is generated for a bcm_op which is in the process to be removed the procfs output might show unreliable data (UAF). As the removal of bcm_op's is already implemented with rcu handling this patch adds the missing rcu_read_lock() and makes sure the list entries are properly removed under rcu protection.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 11:15:00 GMT

read more

CVE-2025-38004 - Linux Kernel CAN bcm KASAN Slab-Out-of-Bounds Read

CVE ID : CVE-2025-38004
Published : June 8, 2025, 11:15 a.m. | 9 hours, 41 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: can: bcm: add locking for bcm_op runtime updates The CAN broadcast manager (CAN BCM) can send a sequence of CAN frames via hrtimer. The content and also the length of the sequence can be changed resp reduced at runtime where the 'currframe' counter is then set to zero. Although this appeared to be a safe operation the updates of 'currframe' can be triggered from user space and hrtimer context in bcm_can_tx(). Anderson Nascimento created a proof of concept that triggered a KASAN slab-out-of-bounds read access which can be prevented with a spin_lock_bh. At the rework of bcm_can_tx() the 'count' variable has been moved into the protected section as this variable can be modified from both contexts too.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 11:15:00 GMT

read more

CVE-2025-5026 - Apache HTTP Server Cross-Site Request Forgery (CSRF)

CVE ID : CVE-2025-5026
Published : June 7, 2025, 11:15 p.m. | 21 hours, 41 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 07 Jun 2025 23:15:00 GMT

read more

CVE-2025-5097 - CVE-2022-36466: Apache HTTP Server XML Entity Injection Vulnerability

CVE ID : CVE-2025-5097
Published : June 7, 2025, 11:15 p.m. | 21 hours, 41 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 07 Jun 2025 23:15:00 GMT

read more

CVE-2025-5223 - CVE-2022-36462: Apache HTTP Server Remote Code Execution

CVE ID : CVE-2025-5223
Published : June 7, 2025, 11:15 p.m. | 21 hours, 41 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 07 Jun 2025 23:15:00 GMT

read more

CVE-2025-5242 - CVE-2022-1234: Apache Struts Remote Code Execution Vulnerability

CVE ID : CVE-2025-5242
Published : June 7, 2025, 11:15 p.m. | 21 hours, 41 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 07 Jun 2025 23:15:00 GMT

read more

CVE-2024-55585 - "moPS App Unauthenticated Administrative API Access Vulnerability"

CVE ID : CVE-2024-55585
Published : June 7, 2025, 7:15 p.m. | 1 day, 1 hour ago
Description : In the moPS App through 1.8.618, all users can access administrative API endpoints without additional authentication, resulting in unrestricted read and write access, as demonstrated by /api/v1/users/resetpassword.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 07 Jun 2025 19:15:00 GMT

read more

CVE-2025-5839 - Tenda AC9 POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5839
Published : June 7, 2025, 6:15 p.m. | 1 day, 2 hours ago
Description : A vulnerability, which was classified as critical, has been found in Tenda AC9 15.03.02.13. Affected by this issue is the function fromadvsetlanip of the file /goform/AdvSetLanip of the component POST Request Handler. The manipulation of the argument lanMask leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 07 Jun 2025 18:15:00 GMT

read more

CVE-2025-5840 - SourceCodester Client Database Management System Unrestricted File Upload Vulnerability

CVE ID : CVE-2025-5840
Published : June 7, 2025, 6:15 p.m. | 1 day, 2 hours ago
Description : A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_update_customer_order.php. The manipulation of the argument uploaded_file leads to unrestricted upload. It is possible to initiate the attack remotely.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 07 Jun 2025 18:15:00 GMT

read more

CVE-2025-5838 - PHPGurukul Employee Record Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5838
Published : June 7, 2025, 4:15 p.m. | 1 day, 4 hours ago
Description : A vulnerability classified as critical was found in PHPGurukul Employee Record Management System 1.3. Affected by this vulnerability is an unknown functionality of the file /admin/adminprofile.php. The manipulation of the argument AdminName leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 07 Jun 2025 16:15:00 GMT

read more

CVE-2025-49619 - Skyvern Jinja Runtime Leak

CVE ID : CVE-2025-49619
Published : June 7, 2025, 2:15 p.m. | 1 day, 6 hours ago
Description : Skyvern through 0.1.85 has a Jinja runtime leak in sdk/workflow/models/block.py.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 07 Jun 2025 14:15:00 GMT

read more

CVE-2025-5836 - Tenda AC9 Command Injection Vulnerability

CVE ID : CVE-2025-5836
Published : June 7, 2025, 2:15 p.m. | 1 day, 6 hours ago
Description : A vulnerability was found in Tenda AC9 15.03.02.13. It has been rated as critical. This issue affects the function formSetIptv of the file /goform/SetIPTVCfg of the component POST Request Handler. The manipulation of the argument list leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 07 Jun 2025 14:15:00 GMT

read more

CVE-2025-5837 - PHPGurukul Employee Record Management System SQL Injection

CVE ID : CVE-2025-5837
Published : June 7, 2025, 2:15 p.m. | 1 day, 6 hours ago
Description : A vulnerability classified as critical has been found in PHPGurukul Employee Record Management System 1.3. Affected is an unknown function of the file /admin/allemployees.php. The manipulation of the argument delid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 07 Jun 2025 14:15:00 GMT

read more

CVE-2025-5568 - WordPress WpEvently Stored Cross-Site Scripting

CVE ID : CVE-2025-5568
Published : June 7, 2025, 12:15 p.m. | 1 day, 1 hour ago
Description : The WpEvently plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 07 Jun 2025 12:15:00 GMT

read more

CVE-2024-9993 - "Elementor Addons for WordPress Stored Cross-Site Scripting Vulnerability"

CVE ID : CVE-2024-9993
Published : June 7, 2025, 12:15 p.m. | 23 hours, 45 minutes ago
Description : The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eael_event_details_text parameter of Event Calendar Widget in all versions up to, and including, 6.1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 07 Jun 2025 12:15:00 GMT

read more

CVE-2024-9994 - Elementor Addons for WordPress - Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2024-9994
Published : June 7, 2025, 12:15 p.m. | 23 hours, 45 minutes ago
Description : The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eael_pricing_item_tooltip_content parameter of the Pricing Table Widget in all versions up to, and including, 6.1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 07 Jun 2025 12:15:00 GMT

read more

CVE-2025-5528 - WordPress Sassy Social Share Reflected Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5528
Published : June 7, 2025, 12:15 p.m. | 23 hours, 45 minutes ago
Description : The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateor_mastodon_share parameter in all versions up to, and including, 3.3.75 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action, such as clicking on a link.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 07 Jun 2025 12:15:00 GMT

read more

CVE-2025-5303 - Freightview, Daylight, Day Ross WordPress Plugins - Stored Cross-Site Scripting

CVE ID : CVE-2025-5303
Published : June 7, 2025, 9:15 a.m. | 1 day, 2 hours ago
Description : The LTL Freight Quotes – Freightview Edition, LTL Freight Quotes – Daylight Edition and LTL Freight Quotes – Day & Ross Edition plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the expiry_date parameter in all versions up to, and including, 1.0.11, 2.2.6 and 2.1.10 respectively, due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 07 Jun 2025 09:15:00 GMT

read more

CVE-2025-5399 - "Libcurl WebSocket DoS Vulnerability"

CVE ID : CVE-2025-5399
Published : June 7, 2025, 8:15 a.m. | 1 day, 3 hours ago
Description : Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the thread/process. This might be used to DoS libcurl-using application.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 07 Jun 2025 08:15:00 GMT

read more

CVE-2025-47601 - MaxiBlocks Missing Authorization Privilege Escalation

CVE ID : CVE-2025-47601
Published : June 7, 2025, 5:15 a.m. | 1 day, 6 hours ago
Description : Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks allows Privilege Escalation.This issue affects MaxiBlocks: from n/a through 2.1.0.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 07 Jun 2025 05:15:00 GMT

read more

CVE-2025-5814 - WordPress Profiler Data Modification Vulnerability

CVE ID : CVE-2025-5814
Published : June 7, 2025, 5:15 a.m. | 1 day, 6 hours ago
Description : The Profiler – What Slowing Down Your WP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpsd_plugin_control() function in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to reactivate previously deactivated plugins after accessing the "Profiler" page.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 07 Jun 2025 05:15:00 GMT

read more

CVE-2025-49128 - Jackson-core Information Disclosure Vulnerability

CVE ID : CVE-2025-49128
Published : June 6, 2025, 10:15 p.m. | 1 day, 13 hours ago
Description : Jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. Starting in version 2.0.0 and prior to version 2.13.0, a flaw in jackson-core's `JsonLocation._appendSourceDesc` method allows up to 500 bytes of unintended memory content to be included in exception messages. When parsing JSON from a byte array with an offset and length, the exception message incorrectly reads from the beginning of the array instead of the logical payload start. This results in possible information disclosure in systems using pooled or reused buffers, like Netty or Vert.x. This issue was silently fixed in jackson-core version 2.13.0, released on September 30, 2021, via PR #652. All users should upgrade to version 2.13.0 or later. If upgrading is not immediately possible, applications can mitigate the issue by disabling exception message exposure to clients to avoid returning parsing exception messages in HTTP responses and/or disabling source inclusion in exceptions to prevent Jackson from embedding any source content in exception messages, avoiding leakage.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 22:15:00 GMT

read more

CVE-2025-49127 - Apache Kafka Kafbat UI Deserialization Remote Code Execution

CVE ID : CVE-2025-49127
Published : June 6, 2025, 9:15 p.m. | 1 day, 14 hours ago
Description : Kafbat UI is a web user interface for managing Apache Kafka clusters. An unsafe deserialization vulnerability in version 1.0.0 allows any unauthenticated user to execute arbitrary code on the server. Version 1.1.0 fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 21:15:00 GMT

read more

CVE-2025-5798 - Tenda AC8 Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-5798
Published : June 6, 2025, 8:15 p.m. | 1 day, 15 hours ago
Description : A vulnerability was found in Tenda AC8 16.03.34.09. It has been classified as critical. Affected is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument timeType leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 20:15:00 GMT

read more

CVE-2025-5799 - Tenda AC8 Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-5799
Published : June 6, 2025, 8:15 p.m. | 1 day, 15 hours ago
Description : A vulnerability was found in Tenda AC8 16.03.34.09. It has been declared as critical. Affected by this vulnerability is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 20:15:00 GMT

read more

CVE-2025-5796 - Code-projects Laundry System Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5796
Published : June 6, 2025, 7:15 p.m. | 1 day, 15 hours ago
Description : A vulnerability has been found in code-projects Laundry System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /data/edit_type.php. The manipulation of the argument Type leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 19:15:00 GMT

read more

CVE-2025-5797 - Laundry Laundry System Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5797
Published : June 6, 2025, 7:15 p.m. | 1 day, 15 hours ago
Description : A vulnerability was found in code-projects Laundry System 1.0 and classified as problematic. This issue affects some unknown processing of the file /data/insert_type.php. The manipulation of the argument Type leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 19:15:00 GMT

read more

CVE-2025-5480 - Action1 OpenSSL Privilege Escalation Vulnerability

CVE ID : CVE-2025-5480
Published : June 6, 2025, 7:15 p.m. | 1 day, 3 hours ago
Description : Action1 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Action1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-26767.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 19:15:00 GMT

read more

CVE-2025-5481 - Sante DICOM Viewer Pro DCM File Parsing Remote Code Execution Vulnerability

CVE ID : CVE-2025-5481
Published : June 6, 2025, 7:15 p.m. | 1 day, 3 hours ago
Description : Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26168.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 19:15:00 GMT

read more

CVE-2025-5794 - Tenda AC5 PPTP User List Buffer Overflow Vulnerability

CVE ID : CVE-2025-5794
Published : June 6, 2025, 7:15 p.m. | 1 day, 3 hours ago
Description : A vulnerability, which was classified as critical, has been found in Tenda AC5 15.03.06.47. Affected by this issue is the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 19:15:00 GMT

read more

CVE-2025-5795 - Tenda AC5 Buffer Overflow Vulnerability

CVE ID : CVE-2025-5795
Published : June 6, 2025, 7:15 p.m. | 1 day, 3 hours ago
Description : A vulnerability, which was classified as critical, was found in Tenda AC5 1.0/15.03.06.47. This affects the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 19:15:00 GMT

read more

CVE-2025-5474 - 2BrightSparks SyncBackFree Link Following Local Privilege Escalation Vulnerability

CVE ID : CVE-2025-5474
Published : June 6, 2025, 7:15 p.m. | 23 hours, 18 minutes ago
Description : 2BrightSparks SyncBackFree Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of 2BrightSparks SyncBackFree. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. User interaction on the part of an administrator is also required. The specific flaw exists within the Mirror functionality. By creating a junction, an attacker can abuse the service to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-26962.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 19:15:00 GMT

read more

CVE-2025-3485 - Allegra ExtractFileFromZip Directory Traversal Remote Code Execution Vulnerability

CVE ID : CVE-2025-3485
Published : June 6, 2025, 7:15 p.m. | 22 hours, 44 minutes ago
Description : Allegra extractFileFromZip Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the extractFileFromZip method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26524.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 19:15:00 GMT

read more

CVE-2025-5473 - GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability

CVE ID : CVE-2025-5473
Published : June 6, 2025, 7:15 p.m. | 22 hours, 44 minutes ago
Description : GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICO files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26752.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 19:15:00 GMT

read more

CVE-2025-2766 - 70mai A510 Default Password Authentication Bypass

CVE ID : CVE-2025-2766
Published : June 6, 2025, 7:15 p.m. | 20 hours, 44 minutes ago
Description : 70mai A510 Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of 70mai A510. Authentication is not required to exploit this vulnerability. The specific flaw exists within the default configuration of user accounts. The configuration contains default password. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of the root. Was ZDI-CAN-24996.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 19:15:00 GMT

read more

CVE-2025-5790 - TOTOLINK X15 Buffer Overflow Vulnerability

CVE ID : CVE-2025-5790
Published : June 6, 2025, 6:15 p.m. | 19 hours, 32 minutes ago
Description : A vulnerability classified as critical was found in TOTOLINK X15 1.0.0-B20230714.1105. This vulnerability affects unknown code of the file /boafrm/formIpQoS of the component HTTP POST Request Handler. The manipulation of the argument mac leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 18:15:00 GMT

read more

CVE-2025-5792 - TOTOLINK EX1200T HTTP POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5792
Published : June 6, 2025, 6:15 p.m. | 19 hours, 32 minutes ago
Description : A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects some unknown processing of the file /boafrm/formWlanRedirect of the component HTTP POST Request Handler. The manipulation of the argument redirect-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 18:15:00 GMT

read more

CVE-2025-5793 - TOTOLINK EX1200T HTTP POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5793
Published : June 6, 2025, 6:15 p.m. | 19 hours, 32 minutes ago
Description : A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 18:15:00 GMT

read more

CVE-2025-47950 - CoreDNS QUIC Denial of Service (DoS) Vulnerability

CVE ID : CVE-2025-47950
Published : June 6, 2025, 6:15 p.m. | 17 hours, 44 minutes ago
Description : CoreDNS is a DNS server that chains plugins. In versions prior to 1.12.2, a Denial of Service (DoS) vulnerability exists in the CoreDNS DNS-over-QUIC (DoQ) server implementation. The server previously created a new goroutine for every incoming QUIC stream without imposing any limits on the number of concurrent streams or goroutines. A remote, unauthenticated attacker could open a large number of streams, leading to uncontrolled memory consumption and eventually causing an Out Of Memory (OOM) crash — especially in containerized or memory-constrained environments. The patch in version 1.12.2 introduces two key mitigation mechanisms: `max_streams`, which caps the number of concurrent QUIC streams per connection with a default value of `256`; and `worker_pool_size`, which Introduces a server-wide, bounded worker pool to process incoming streams with a default value of `1024`. This eliminates the 1:1 stream-to-goroutine model and ensures that CoreDNS remains resilient under high concurrency. Some workarounds are available for those who are unable to upgrade. Disable QUIC support by removing or commenting out the `quic://` block in the Corefile, use container runtime resource limits to detect and isolate excessive memory usage, and/or monitor QUIC connection patterns and alert on anomalies.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 18:15:00 GMT

read more

CVE-2025-49011 - SpiceDB Denial of Authorization Vulnerability

CVE ID : CVE-2025-49011
Published : June 6, 2025, 6:15 p.m. | 17 hours, 44 minutes ago
Description : SpiceDB is an open source database for storing and querying fine-grained authorization data. Prior to version 1.44.2, on schemas involving arrows with caveats on the arrow’ed relation, when the path to resolve a CheckPermission request involves the evaluation of multiple caveated branches, requests may return a negative response when a positive response is expected. Version 1.44.2 fixes the issue. As a workaround, do not use caveats in the schema over an arrow’ed relation.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 18:15:00 GMT

read more

CVE-2025-5789 - TOTOLINK X15 HTTP POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5789
Published : June 6, 2025, 6:15 p.m. | 17 hours, 44 minutes ago
Description : A vulnerability classified as critical has been found in TOTOLINK X15 1.0.0-B20230714.1105. This affects an unknown part of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 18:15:00 GMT

read more

CVE-2025-5788 - TOTOLINK X15 HTTP POST Request Handler Buffer Overflow

CVE ID : CVE-2025-5788
Published : June 6, 2025, 5:15 p.m. | 18 hours, 44 minutes ago
Description : A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formReflashClientTbl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 17:15:00 GMT

read more

CVE-2025-5787 - TOTOLINK X15 HTTP POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5787
Published : June 6, 2025, 5:15 p.m. | 15 hours, 39 minutes ago
Description : A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formWsc of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 17:15:00 GMT

read more

CVE-2025-5786 - TOTOLINK X15 HTTP POST Request Handler Buffer Overflow

CVE ID : CVE-2025-5786
Published : June 6, 2025, 5:15 p.m. | 14 hours, 44 minutes ago
Description : A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. Affected is an unknown function of the file /boafrm/formDMZ of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 17:15:00 GMT

read more

CVE-2025-49599 - Huawei EG8141A5 EG8145V5 EG8145V5-V2 Firewall Bypass Vulnerability

CVE ID : CVE-2025-49599
Published : June 6, 2025, 5:15 p.m. | 11 hours, 15 minutes ago
Description : Huawei EG8141A5 devices through V5R019C00S100, EG8145V5 devices through V5R019C00S100, and EG8145V5-V2 devices through V5R021C00S184 allow the Epuser account to disable ONT firewall functionality, e.g., to remove the default blocking of the SSH and TELNET TCP ports, aka HWNO-56Q3.
Severity: 4.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 17:15:00 GMT

read more

CVE-2025-5785 - Totolink X15 HTTP POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5785
Published : June 6, 2025, 4:15 p.m. | 12 hours, 15 minutes ago
Description : A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This issue affects some unknown processing of the file /boafrm/formWirelessTbl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-5784 - PHPGurukul Employee Record Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5784
Published : June 6, 2025, 4:15 p.m. | 6 hours, 14 minutes ago
Description : A vulnerability has been found in PHPGurukul Employee Record Management System 1.3 and classified as critical. This vulnerability affects unknown code of the file /myexp.php. The manipulation of the argument emp3ctc leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-5783 - PHPGurukul Employee Record Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5783
Published : June 6, 2025, 4:15 p.m. | 4 hours, 39 minutes ago
Description : A vulnerability, which was classified as critical, was found in PHPGurukul Employee Record Management System 1.3. This affects an unknown part of the file /editmyexp.php. The manipulation of the argument emp3workduration leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-5750 - WOLFBOX Level 2 EV Charger TuyaSvcDevosActivateResultParse Heap Buffer Overflow Remote Code Execution Vulnerability

CVE ID : CVE-2025-5750
Published : June 6, 2025, 4:15 p.m. | 3 hours, 36 minutes ago
Description : WOLFBOX Level 2 EV Charger tuya_svc_devos_activate_result_parse Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WOLFBOX Level 2 EV Charger. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the secKey, localKey, stdTimeZone and devId parameters. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26294.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-5751 - WOLFBOX Level 2 EV Charger Management Card Hard-coded Credentials Authentication Bypass

CVE ID : CVE-2025-5751
Published : June 6, 2025, 4:15 p.m. | 3 hours, 36 minutes ago
Description : WOLFBOX Level 2 EV Charger Management Card Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to bypass authentication on affected installations of WOLFBOX Level 2 EV Charger. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of management cards. The issue results from the lack of personalization of management cards. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26292.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-29883 - ASUSTek File Station SSL/TLS Certificate Validation Vulnerability

CVE ID : CVE-2025-29883
Published : June 6, 2025, 4:15 p.m. | 2 hours, 39 minutes ago
Description : An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4791 and later and later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-29884 - ASUSTek File Station Certificate Validation Vulnerability

CVE ID : CVE-2025-29884
Published : June 6, 2025, 4:15 p.m. | 2 hours, 39 minutes ago
Description : An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4791 and later and later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-29885 - ASUSTek File Station Certificate Validation Bypass

CVE ID : CVE-2025-29885
Published : June 6, 2025, 4:15 p.m. | 2 hours, 39 minutes ago
Description : An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4791 and later and later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-29892 - Qsync Central SQL Injection

CVE ID : CVE-2025-29892
Published : June 6, 2025, 4:15 p.m. | 2 hours, 39 minutes ago
Description : An SQL injection vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.6 ( 2025/03/20 ) and later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-30279 - ASUSTek File Station Certificate Validation Weakness

CVE ID : CVE-2025-30279
Published : June 6, 2025, 4:15 p.m. | 2 hours, 39 minutes ago
Description : An improper certificate validation vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-33031 - ASUSTek File Station Certificate Validation Bypass

CVE ID : CVE-2025-33031
Published : June 6, 2025, 4:15 p.m. | 2 hours, 39 minutes ago
Description : An improper certificate validation vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-33035 - ASUSTek File Station Path Traversal Vulnerability

CVE ID : CVE-2025-33035
Published : June 6, 2025, 4:15 p.m. | 2 hours, 39 minutes ago
Description : A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-5747 - WOLFBOX Level 2 EV Charger Remote Code Execution Vulnerability

CVE ID : CVE-2025-5747
Published : June 6, 2025, 4:15 p.m. | 2 hours, 39 minutes ago
Description : WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installatons of WOLFBOX Level 2 EV Charger devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of command frames received by the MCU. When parsing frames, the process does not properly detect the start of a frame, which can lead to misinterpretation of input. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device. Was ZDI-CAN-26501.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-5748 - WOLFBOX Level 2 EV Charger Remote Code Execution Vulnerability

CVE ID : CVE-2025-5748
Published : June 6, 2025, 4:15 p.m. | 2 hours, 39 minutes ago
Description : WOLFBOX Level 2 EV Charger LAN OTA Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WOLFBOX Level 2 EV Charger. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Tuya communications module software. The issue results from the exposure of a method allowing the upload of crafted software images to the module. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26349.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-5749 - WOLFBOX Level 2 EV Charger BLE Encryption Keys Uninitialized Variable Authentication Bypass

CVE ID : CVE-2025-5749
Published : June 6, 2025, 4:15 p.m. | 2 hours, 39 minutes ago
Description : WOLFBOX Level 2 EV Charger BLE Encryption Keys Uninitialized Variable Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of WOLFBOX Level 2 EV Charger devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of cryptographic keys used in vendor-specific encrypted communications. The issue results from the lack of proper initialization of a variable prior to accessing it. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26295.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-22490 - ASUSTek File Station NULL Pointer Dereference Denial-of-Service

CVE ID : CVE-2025-22490
Published : June 6, 2025, 4:15 p.m. | 2 hours, 14 minutes ago
Description : A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-29871 - Aspera File Station OOB Read Vulnerability

CVE ID : CVE-2025-29871
Published : June 6, 2025, 4:15 p.m. | 2 hours, 14 minutes ago
Description : An out-of-bounds read vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-29872 - File Station 5 Resource Denial of Service Vulnerability

CVE ID : CVE-2025-29872
Published : June 6, 2025, 4:15 p.m. | 2 hours, 14 minutes ago
Description : An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-29873 - Asus File Station NULL Pointer Dereference Denial of Service

CVE ID : CVE-2025-29873
Published : June 6, 2025, 4:15 p.m. | 2 hours, 14 minutes ago
Description : A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-29876 - Aspera File Station NULL Pointer Dereference Denial-of-Service Vulnerability

CVE ID : CVE-2025-29876
Published : June 6, 2025, 4:15 p.m. | 2 hours, 14 minutes ago
Description : A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-29877 - ASUSTek File Station NULL Pointer Dereference Denial of Service

CVE ID : CVE-2025-29877
Published : June 6, 2025, 4:15 p.m. | 2 hours, 14 minutes ago
Description : A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-22481 - QNAP QTS/QuTS Hero Command Injection Vulnerability

CVE ID : CVE-2025-22481
Published : June 6, 2025, 4:15 p.m. | 54 minutes ago
Description : A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.4.3079 build 20250321 and later QuTS hero h5.2.4.3079 build 20250321 and later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-22482 - Qsync Central Format String Vulnerability

CVE ID : CVE-2025-22482
Published : June 6, 2025, 4:15 p.m. | 54 minutes ago
Description : A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.6 ( 2025/03/20 ) and later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-22484 - ASUSTek File Station Denial of Service (DoS) Vulnerability

CVE ID : CVE-2025-22484
Published : June 6, 2025, 4:15 p.m. | 54 minutes ago
Description : An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-22486 - Asus File Station SSL/TLS Certificate Validation Vulnerability

CVE ID : CVE-2025-22486
Published : June 6, 2025, 4:15 p.m. | 54 minutes ago
Description : An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4791 and later and later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-27531 - Apache InLong Deserialization of Untrusted Data Remote File Read Vulnerability

CVE ID : CVE-2025-27531
Published : June 6, 2025, 3:15 p.m. | 1 hour, 13 minutes ago
Description : Deserialization of Untrusted Data vulnerability in Apache InLong.  This issue affects Apache InLong: from 1.13.0 before 2.1.0, this issue would allow an authenticated attacker to read arbitrary files by double writing the param. Users are recommended to upgrade to version 2.1.0, which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 15:15:00 GMT

read more

CVE-2025-41646 - Apache Software Type Confusion Authentication Bypass

CVE ID : CVE-2025-41646
Published : June 6, 2025, 3:15 p.m. | 1 hour, 13 minutes ago
Description : An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 15:15:00 GMT

read more

CVE-2025-5779 - "Code-projects Patient Record Management System SQL Injection Vulnerability"

CVE ID : CVE-2025-5779
Published : June 6, 2025, 3:15 p.m. | 1 hour, 13 minutes ago
Description : A vulnerability has been found in code-projects Patient Record Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /birthing.php. The manipulation of the argument itr_no/comp_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 15:15:00 GMT

read more

CVE-2025-5780 - Code-projects Patient Record Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5780
Published : June 6, 2025, 3:15 p.m. | 1 hour, 13 minutes ago
Description : A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view_dental.php. The manipulation of the argument itr_no leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 15:15:00 GMT

read more

CVE-2025-5782 - PHPGurukul Employee Record Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5782
Published : June 6, 2025, 3:15 p.m. | 1 hour, 13 minutes ago
Description : A vulnerability, which was classified as critical, has been found in PHPGurukul Employee Record Management System 1.3. Affected by this issue is some unknown functionality of the file /resetpassword.php. The manipulation of the argument newpassword leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 15:15:00 GMT

read more

CVE-2025-0620 - Samba Group Membership Change Delayed Authentication Vulnerability

CVE ID : CVE-2025-0620
Published : June 6, 2025, 2:15 p.m. | 2 hours, 13 minutes ago
Description : A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 14:15:00 GMT

read more

CVE-2025-38001 - Linux Kernel Netem HFSC Double Insertion Uninitialized Use After Free

CVE ID : CVE-2025-38001
Published : June 6, 2025, 2:15 p.m. | 2 hours, 13 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: "We are writing to report that this recent patch (141d34391abbb315d68556b7c67ad97885407547) [1] can be bypassed, and a UAF can still occur when HFSC is utilized with NETEM. The patch only checks the cl->cl_nactive field to determine whether it is the first insertion or not [2], but this field is only incremented by init_vf [3]. By using HFSC_RSC (which uses init_ed) [4], it is possible to bypass the check and insert the class twice in the eltree. Under normal conditions, this would lead to an infinite loop in hfsc_dequeue for the reasons we already explained in this report [5]. However, if TBF is added as root qdisc and it is configured with a very low rate, it can be utilized to prevent packets from being dequeued. This behavior can be exploited to perform subsequent insertions in the HFSC eltree and cause a UAF." To fix both the UAF and the infinite loop, with netem as an hfsc child, check explicitly in hfsc_enqueue whether the class is already in the eltree whenever the HFSC_RSC flag is set. [1] https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=141d34391abbb315d68556b7c67ad97885407547 [2] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L1572 [3] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L677 [4] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L1574 [5] https://lore.kernel.org/netdev/8DuRWwfqjoRDLDmBMlIfbrsZg9Gx50DHJc1ilxsEBNe2D6NMoigR_eIRIG0LOjMc3r10nUUZtArXx4oZBIdUfZQrwjcQhdinnMis_0G7VEk=@willsroot.io/T/#u
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 14:15:00 GMT

read more

CVE-2025-38002 - Linux Kernel io_uring fdinfo Lock Bypass Vulnerability

CVE ID : CVE-2025-38002
Published : June 6, 2025, 2:15 p.m. | 2 hours, 13 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: io_uring/fdinfo: grab ctx->uring_lock around io_uring_show_fdinfo() Not everything requires locking in there, which is why the 'has_lock' variable exists. But enough does that it's a bit unwieldy to manage. Wrap the whole thing in a ->uring_lock trylock, and just return with no output if we fail to grab it. The existing trylock() will already have greatly diminished utility/output for the failure case. This fixes an issue with reading the SQE fields, if the ring is being actively resized at the same time.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 14:15:00 GMT

read more

CVE-2025-5778 - "ABC Courier Management System SQL Injection Vulnerability"

CVE ID : CVE-2025-5778
Published : June 6, 2025, 2:15 p.m. | 2 hours, 13 minutes ago
Description : A vulnerability, which was classified as critical, was found in 1000 Projects ABC Courier Management System 1.0. Affected is an unknown function of the file /adminSQL. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 14:15:00 GMT

read more

CVE-2025-5791 - Rust Crate Root Group Privilege Escalation

CVE ID : CVE-2025-5791
Published : June 6, 2025, 2:15 p.m. | 2 hours, 13 minutes ago
Description : A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 14:15:00 GMT

read more

CVE-2025-5806 - Jenkins Gatling Plugin Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5806
Published : June 6, 2025, 2:15 p.m. | 2 hours, 13 minutes ago
Description : Jenkins Gatling Plugin 136.vb_9009b_3d33a_e serves Gatling reports in a manner that bypasses the Content-Security-Policy protection introduced in Jenkins 1.641 and 1.625, resulting in a cross-site scripting (XSS) vulnerability exploitable by users able to change report content.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 14:15:00 GMT

read more

CVE-2025-49450 - mhallmann SEPA Girocode Cross-site Scripting

CVE ID : CVE-2025-49450
Published : June 6, 2025, 1:16 p.m. | 3 hours, 13 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mhallmann SEPA Girocode allows Stored XSS. This issue affects SEPA Girocode: from n/a through 0.5.1.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:16:00 GMT

read more

CVE-2025-49453 - Jatinder Pal Singh BP Profile CSRF Stored XSS

CVE ID : CVE-2025-49453
Published : June 6, 2025, 1:16 p.m. | 3 hours, 13 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Jatinder Pal Singh BP Profile as Homepage allows Stored XSS. This issue affects BP Profile as Homepage: from n/a through 1.1.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:16:00 GMT

read more

CVE-2025-5764 - Code-projects Laundry System Cross Site Scripting (XSS)

CVE ID : CVE-2025-5764
Published : June 6, 2025, 1:16 p.m. | 3 hours, 13 minutes ago
Description : A vulnerability was found in code-projects Laundry System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /data/insert_laundry.php. The manipulation of the argument Customer leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:16:00 GMT

read more

CVE-2025-5765 - Code-projects Laundry System Cross Site Scripting Vulnerability

CVE ID : CVE-2025-5765
Published : June 6, 2025, 1:16 p.m. | 3 hours, 13 minutes ago
Description : A vulnerability was found in code-projects Laundry System 1.0. It has been classified as problematic. This affects an unknown part of the file /data/edit_laundry.php. The manipulation of the argument Customer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:16:00 GMT

read more

CVE-2025-5766 - Code-projects Laundry System Cross-Site Request Forgery Vulnerability

CVE ID : CVE-2025-5766
Published : June 6, 2025, 1:16 p.m. | 3 hours, 13 minutes ago
Description : A vulnerability was found in code-projects Laundry System 1.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:16:00 GMT

read more

CVE-2025-49435 - Hasina77 Wp Easy Allopass CSRF Vulnerability

CVE ID : CVE-2025-49435
Published : June 6, 2025, 1:15 p.m. | 3 hours, 13 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Hasina77 Wp Easy Allopass allows Cross Site Request Forgery. This issue affects Wp Easy Allopass: from n/a through 4.1.1.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:15:00 GMT

read more

CVE-2025-49439 - Mariusz88AtelierWeb Atelier Create CV CSRF Vulnerability

CVE ID : CVE-2025-49439
Published : June 6, 2025, 1:15 p.m. | 3 hours, 13 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in mariusz88atelierweb Atelier Create CV allows Cross Site Request Forgery. This issue affects Atelier Create CV: from n/a through 1.1.2.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:15:00 GMT

read more

CVE-2025-49440 - Vuong Nguyen WP Security Master CSRF Vulnerability

CVE ID : CVE-2025-49440
Published : June 6, 2025, 1:15 p.m. | 3 hours, 13 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Vuong Nguyen WP Security Master allows Cross Site Request Forgery. This issue affects WP Security Master: from n/a through 1.0.2.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:15:00 GMT

read more

CVE-2025-49441 - WordPress Map Plugins Interactive Regional Map of Florida Authorization Bypass

CVE ID : CVE-2025-49441
Published : June 6, 2025, 1:15 p.m. | 3 hours, 13 minutes ago
Description : Missing Authorization vulnerability in WP Map Plugins Interactive Regional Map of Florida allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Interactive Regional Map of Florida: from n/a through 1.0.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:15:00 GMT

read more

CVE-2025-49442 - Mostafa Shahiri Simple Nested Menu Cross-Site Scripting

CVE ID : CVE-2025-49442
Published : June 6, 2025, 1:15 p.m. | 3 hours, 13 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mostafa Shahiri Simple Nested Menu allows Stored XSS. This issue affects Simple Nested Menu: from n/a through 1.0.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:15:00 GMT

read more

CVE-2025-49443 - Chris McCoy Bacon Ipsum Cross-site Scripting Vulnerability

CVE ID : CVE-2025-49443
Published : June 6, 2025, 1:15 p.m. | 3 hours, 13 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris McCoy Bacon Ipsum allows Stored XSS. This issue affects Bacon Ipsum: from n/a through 2.4.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:15:00 GMT

read more

CVE-2025-49445 - WP Map Plugins Interactive UK Regional Map CSRF Vulnerability

CVE ID : CVE-2025-49445
Published : June 6, 2025, 1:15 p.m. | 3 hours, 13 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Interactive UK Regional Map allows Cross Site Request Forgery. This issue affects Interactive UK Regional Map: from n/a through 2.0.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:15:00 GMT

read more

CVE-2025-49446 - Minhlaobao Admin Notes CSRF Vulnerability

CVE ID : CVE-2025-49446
Published : June 6, 2025, 1:15 p.m. | 3 hours, 13 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in minhlaobao Admin Notes allows Cross Site Request Forgery. This issue affects Admin Notes: from n/a through 1.1.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:15:00 GMT

read more

CVE-2025-49449 - WP Map Plugins Interactive Regional Map of Africa CSRF Vulnerability

CVE ID : CVE-2025-49449
Published : June 6, 2025, 1:15 p.m. | 3 hours, 13 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Interactive Regional Map of Africa allows Cross Site Request Forgery. This issue affects Interactive Regional Map of Africa: from n/a through 1.0.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:15:00 GMT

read more

CVE-2025-49419 - Foxit eSign for WordPress: Sensitive Data Exposure

CVE ID : CVE-2025-49419
Published : June 6, 2025, 1:15 p.m. | 1 hour, 53 minutes ago
Description : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in esigngenie Foxit eSign for WordPress allows Retrieve Embedded Sensitive Data. This issue affects Foxit eSign for WordPress: from n/a through 2.0.3.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:15:00 GMT

read more

CVE-2025-49421 - Andrei Filonov WP Text Expander SQL Injection

CVE ID : CVE-2025-49421
Published : June 6, 2025, 1:15 p.m. | 1 hour, 53 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Andrei Filonov WP Text Expander allows SQL Injection. This issue affects WP Text Expander: from n/a through 1.0.1.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:15:00 GMT

read more

CVE-2025-49425 - Konami Easter Egg CSRF Stored XSS

CVE ID : CVE-2025-49425
Published : June 6, 2025, 1:15 p.m. | 1 hour, 53 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Adrian Hanft Konami Easter Egg allows Stored XSS. This issue affects Konami Easter Egg: from n/a through v0.4.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:15:00 GMT

read more

CVE-2025-49427 - Abbie Expander Cross-site Scripting

CVE ID : CVE-2025-49427
Published : June 6, 2025, 1:15 p.m. | 1 hour, 53 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryan Burnette Abbie Expander allows Stored XSS. This issue affects Abbie Expander: from n/a through 1.0.1.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:15:00 GMT

read more

CVE-2025-49429 - Ryan Burnette Video Embeds Cross-site Scripting

CVE ID : CVE-2025-49429
Published : June 6, 2025, 1:15 p.m. | 1 hour, 53 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryan Burnette Video Embeds allows Stored XSS. This issue affects Video Embeds: from n/a through 0.1.1.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:15:00 GMT

read more

CVE-2025-49326 - GamiPress SQL Injection

CVE ID : CVE-2025-49326
Published : June 6, 2025, 1:15 p.m. | 30 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ruben Garcia GamiPress allows SQL Injection. This issue affects GamiPress: from n/a through 7.4.5.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:15:00 GMT

read more

CVE-2025-49327 - Ruben Garcia ShortLinks Pro SQL Injection

CVE ID : CVE-2025-49327
Published : June 6, 2025, 1:15 p.m. | 30 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ruben Garcia ShortLinks Pro allows SQL Injection. This issue affects ShortLinks Pro: from n/a through 1.0.7.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:15:00 GMT

read more

CVE-2025-49328 - Agile Logix Store Locator WordPress SQL Injection

CVE ID : CVE-2025-49328
Published : June 6, 2025, 1:15 p.m. | 30 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agile Logix Store Locator WordPress allows SQL Injection. This issue affects Store Locator WordPress: from n/a through 1.5.1.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:15:00 GMT

read more

CVE-2025-49329 - Agile Logix Store Locator WordPress Unrestricted File Upload Vulnerability

CVE ID : CVE-2025-49329
Published : June 6, 2025, 1:15 p.m. | 30 minutes ago
Description : Unrestricted Upload of File with Dangerous Type vulnerability in Agile Logix Store Locator WordPress allows Upload a Web Shell to a Web Server. This issue affects Store Locator WordPress: from n/a through 1.5.2.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:15:00 GMT

read more

CVE-2025-49332 - Codepeople WP Time Slots Booking Form CSRF Vulnerability

CVE ID : CVE-2025-49332
Published : June 6, 2025, 1:15 p.m. | 30 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in codepeople WP Time Slots Booking Form allows Cross Site Request Forgery. This issue affects WP Time Slots Booking Form: from n/a through 1.2.30.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:15:00 GMT

read more

CVE-2025-49333 - WordPress Simple Membership Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-49333
Published : June 6, 2025, 1:15 p.m. | 30 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wp.insider Simple Membership allows Stored XSS. This issue affects Simple Membership: from n/a through 4.6.3.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:15:00 GMT

read more

CVE-2025-41360 - Cisco IDF Denial of Service Vulnerability

CVE ID : CVE-2025-41360
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : Uncontrolled resource consumption vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. The device is vulnerable to a packet flooding denial of service attack.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-41361 - Juniper Networks ProCOME TLS Denial of Service (DoS)

CVE ID : CVE-2025-41361
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : Uncontrolled resource consumption vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. The devices improperly handle TLS requests associated with PROCOME sockets, so TLS requests sent to those PROCOME ports could cause the device to reboot and result in a denial of service. To exploit this vulnerability, PROCOME ports must be configured and active, with communications encryption active.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-41362 - IDF/ ZLF Browser Code Injection Vulnerability

CVE ID : CVE-2025-41362
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : Code injection vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed with view permission.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-41363 - "ZLF IDF CORS Authentication Bypass"

CVE ID : CVE-2025-41363
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross-origin resource sharing (CORS). Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed with view permission.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-41364 - Microsoft IDF Stored Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-41364
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : Stored Cross-Site Scripting (XSS) vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious JavaScript payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed with view permission.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-41365 - IDF/ZLF Code Injection Vulnerability

CVE ID : CVE-2025-41365
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : Code injection vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed only with permissions higher than the view permission.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-41366 - Cisco IDF ZLF CORS Configuration Error Vulnerability

CVE ID : CVE-2025-41366
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross-origin resource sharing (CORS). Exploiting this vulnerability requires authenticating to the device and executing certain commands that can only be executed with permissions higher than the view permission.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-41367 - "IDF and ZLF Stored XSS"

CVE ID : CVE-2025-41367
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : Stored Cross-Site Scripting (XSS) vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious JavaScript payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that can only be executed with permissions higher than the view permission.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-47584 - ThemeGoods Photography Deserialization of Untrusted Data Vulnerability

CVE ID : CVE-2025-47584
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : Deserialization of Untrusted Data vulnerability in ThemeGoods Photography.This issue affects Photography: from n/a through 7.5.2.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-47586 - StylemixThemes Motors - Events PHP RFI Vulnerability

CVE ID : CVE-2025-47586
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Motors - Events allows PHP Local File Inclusion.This issue affects Motors - Events: from n/a through 1.4.7.
Severity: 9.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-48328 - Daman Jeet Real Time Validation for Gravity Forms CSRF Vulnerability

CVE ID : CVE-2025-48328
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Daman Jeet Real Time Validation for Gravity Forms allows Cross Site Request Forgery.This issue affects Real Time Validation for Gravity Forms: from n/a through 1.7.0.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-48329 - Daman Jeet Real Time Validation for Gravity Forms Cross-site Scripting

CVE ID : CVE-2025-48329
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daman Jeet Real Time Validation for Gravity Forms allows Reflected XSS.This issue affects Real Time Validation for Gravity Forms: from n/a through 1.7.0.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-48335 - CyberChimps Responsive Plus Missing Authorization Vulnerability

CVE ID : CVE-2025-48335
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : Missing Authorization vulnerability in CyberChimps Responsive Plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Plus: from n/a through 3.2.0.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-48337 - QuickcabWP QuickCab Missing Authorization Vulnerability

CVE ID : CVE-2025-48337
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : Missing Authorization vulnerability in QuickcabWP QuickCab.This issue affects QuickCab: from n/a through 1.3.3.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-49067 - NasaTheme NASA Core Stored Cross-Site Scripting

CVE ID : CVE-2025-49067
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NasaTheme Nasa Core allows Stored XSS.This issue affects Nasa Core: from n/a before 6.4.1.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-49068 - OceanWP Ocean Extra Cross-site Scripting (XSS)

CVE ID : CVE-2025-49068
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OceanWP Ocean Extra allows Stored XSS.This issue affects Ocean Extra: from n/a through 2.4.8.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-49074 - ThemesGrove WidgetKit Stored Cross-Site Scripting (XSS)

CVE ID : CVE-2025-49074
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemesGrove WidgetKit allows Stored XSS.This issue affects WidgetKit: from n/a through 2.5.4.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-49075 - PickPlugins Wishlist Stored Cross-site Scripting Vulnerability

CVE ID : CVE-2025-49075
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Wishlist allows Stored XSS.This issue affects Wishlist: from n/a through 1.0.43.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-49076 - Elementor Page Builder Lite Stored Cross-Site Scripting (XSS) in POSIMYTH Innovations

CVE ID : CVE-2025-49076
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH Innovations The Plus Addons for Elementor Page Builder Lite allows Stored XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 6.2.7.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-49077 - ThemeHigh Dynamic Pricing and Discount Rules CSRF Vulnerability

CVE ID : CVE-2025-49077
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in ThemeHigh Dynamic Pricing and Discount Rules allows Cross Site Request Forgery.This issue affects Dynamic Pricing and Discount Rules: from n/a through 2.2.9.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-5239 - WordPress Domain For Sale Stored Cross-Site Scripting

CVE ID : CVE-2025-5239
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : The Domain For Sale plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class_name’ parameter in all versions up to, and including, 3.0.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-5760 - WordPress Simple History Plugin Password Exposure RCE

CVE ID : CVE-2025-5760
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : The Simple History plugin for WordPress is vulnerable to sensitive data exposure via Detective Mode due to improper sanitization within the append_debug_info_to_context() function in versions prior to 5.8.1. When Detective Mode is enabled, the plugin’s logger captures the entire contents of $_POST (and sometimes raw request bodies or $_GET) without redacting any password‐related keys. As a result, whenever a user submits a login form, whether via native wp_login or a third‐party login widget, their actual password is written in clear text into the logs. An authenticated attacker or any user whose actions generate a login event will have their password recorded; an administrator (or anyone with database read access) can then read those logs and retrieve every captured password.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-5761 - PHPGurukul BP Monitoring Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5761
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : A vulnerability, which was classified as critical, has been found in PHPGurukul BP Monitoring Management System 1.0. This issue affects some unknown processing of the file /edit-family-member.php. The manipulation of the argument memberage leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-5762 - Patient Record Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5762
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : A vulnerability, which was classified as critical, was found in code-projects Patient Record Management System 1.0. Affected is an unknown function of the file view_hematology.php. The manipulation of the argument itr_no leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-5763 - Tenda CP3 Command Injection Vulnerability

CVE ID : CVE-2025-5763
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : A vulnerability has been found in Tenda CP3 11.10.00.2311090948 and classified as critical. Affected by this vulnerability is the function sub_F3C8C of the file apollo. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-48780 - Soar Cloud HRD Deserialization Command Execution Vulnerability

CVE ID : CVE-2025-48780
Published : June 6, 2025, 10:15 a.m. | 54 minutes ago
Description : A deserialization of untrusted data vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a crafted serialized object.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 10:15:00 GMT

read more

CVE-2025-48781 - Soar Cloud HRD Human Resource Management System File Path Traversal Vulnerability

CVE ID : CVE-2025-48781
Published : June 6, 2025, 10:15 a.m. | 54 minutes ago
Description : An external control of file name or path vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to obtain partial files by specifying arbitrary file paths.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 10:15:00 GMT

read more

CVE-2025-48782 - Soar Cloud HRD File Upload Command Execution Vulnerability

CVE ID : CVE-2025-48782
Published : June 6, 2025, 10:15 a.m. | 54 minutes ago
Description : An unrestricted upload of file with dangerous type vulnerability in the upload file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a malicious file.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 10:15:00 GMT

read more

CVE-2025-48783 - Soar Cloud HRD Human Resource Management System File Path Traversal Vulnerability

CVE ID : CVE-2025-48783
Published : June 6, 2025, 10:15 a.m. | 54 minutes ago
Description : An external control of file name or path vulnerability in the delete file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to delete partial files by specifying arbitrary file paths.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 10:15:00 GMT

read more

CVE-2025-48784 - Soar Cloud HRD Human Resource Management System Authorization Bypass

CVE ID : CVE-2025-48784
Published : June 6, 2025, 10:15 a.m. | 54 minutes ago
Description : A missing authorization vulnerability in Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to modify system settings without prior authorization.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 10:15:00 GMT

read more

CVE-2025-5192 - Soar Cloud HRD Missing Authentication Bypass Vulnerability

CVE ID : CVE-2025-5192
Published : June 6, 2025, 10:15 a.m. | 54 minutes ago
Description : A missing authentication for critical function vulnerability in the client application of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to bypass authentication and access application functions.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 10:15:00 GMT

read more

CVE-2025-5755 - SourceCodester Open Source Clinic Management System SQL Injection

CVE ID : CVE-2025-5755
Published : June 6, 2025, 10:15 a.m. | 54 minutes ago
Description : A vulnerability was found in SourceCodester Open Source Clinic Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /email_config.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 10:15:00 GMT

read more

CVE-2025-5756 - Code-projects Real Estate Property Management System SQL Injection

CVE ID : CVE-2025-5756
Published : June 6, 2025, 10:15 a.m. | 54 minutes ago
Description : A vulnerability was found in code-projects Real Estate Property Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /Admin/EditCity.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 10:15:00 GMT

read more

CVE-2025-3322 - Apache Server Code Injection Vulnerability

CVE ID : CVE-2025-3322
Published : June 6, 2025, 9:15 a.m. | 1 hour, 54 minutes ago
Description : An improper neutralization of inputs used in expression language allows remote code execution with the highest privileges on the server.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 09:15:00 GMT

read more

CVE-2025-3365 - Apache File Path Traversal Vulnerability

CVE ID : CVE-2025-3365
Published : June 6, 2025, 9:15 a.m. | 1 hour, 54 minutes ago
Description : A missing protection against path traversal allows to access any file on the server.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 09:15:00 GMT

read more

CVE-2025-5737 - TOTOLINK X15 HTTP POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5737
Published : June 6, 2025, 9:15 a.m. | 1 hour, 54 minutes ago
Description : A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formDosCfg of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 09:15:00 GMT

read more

CVE-2025-5738 - TOTOLINK X15 HTTP POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5738
Published : June 6, 2025, 9:15 a.m. | 1 hour, 54 minutes ago
Description : A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formStats of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 09:15:00 GMT

read more

CVE-2025-5739 - TOTOLINK X15 HTTP POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5739
Published : June 6, 2025, 9:15 a.m. | 1 hour, 54 minutes ago
Description : A vulnerability classified as critical has been found in TOTOLINK X15 1.0.0-B20230714.1105. This affects an unknown part of the file /boafrm/formSaveConfig of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 09:15:00 GMT

read more

CVE-2025-3321 - Apache Server Unauthenticated Local Privilege Escalation Vulnerability

CVE ID : CVE-2025-3321
Published : June 6, 2025, 8:15 a.m. | 2 hours, 54 minutes ago
Description : A predefined administrative account is not documented and cannot be deactivated. This account cannot be misused from the network, only by local users on the server.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 08:15:00 GMT

read more

CVE-2025-5732 - Traffic Offense Reporting System Cross-Site Request Forgery Vulnerability

CVE ID : CVE-2025-5732
Published : June 6, 2025, 8:15 a.m. | 2 hours, 54 minutes ago
Description : A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 08:15:00 GMT

read more

CVE-2025-5734 - TOTOLINK X15 HTTP POST Request Handler Buffer Overflow

CVE ID : CVE-2025-5734
Published : June 6, 2025, 8:15 a.m. | 2 hours, 54 minutes ago
Description : A vulnerability has been found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWlanRedirect of the component HTTP POST Request Handler. The manipulation of the argument redirect-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 08:15:00 GMT

read more

CVE-2025-5735 - TOTOLINK X15 HTTP POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5735
Published : June 6, 2025, 8:15 a.m. | 2 hours, 54 minutes ago
Description : A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This issue affects some unknown processing of the file /boafrm/formSetLg of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 08:15:00 GMT

read more

CVE-2025-5736 - TOTOLINK X15 HTTP POST Request Handler Buffer Overflow

CVE ID : CVE-2025-5736
Published : June 6, 2025, 8:15 a.m. | 2 hours, 54 minutes ago
Description : A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. Affected is an unknown function of the file /boafrm/formNtp of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 08:15:00 GMT

read more

Retrouvez l’ANSSI lors de VivaTechnology 2025 !

Retrouvez l’ANSSI lors de VivaTechnology 2025 !

anssiadm
Du 11 au 14 juin retrouvez l’ANSSI sur le pavillon numérique de l’État, lors de l’édition 2025 de VivaTechnology, le salon annuel des acteurs de l’innovation technologique.

Rendez-vous sur le pavillon numérique de l’État

Présents pour la première fois à VivaTechnology, les agents de l’ANSSI seront disponibles au sein du pavillon numérique de l’État, pour répondre à toutes vos questions.

Situé en n°H58, ce stand sera l’occasion pour l’Agence, aux côtés de la Direction interministérielle du numérique, la direction de la Transformation numérique du ministère de l’Intérieur, les directions du numérique du ministère de l’Économie, des Finances et de la Souveraineté industrielle et numérique, la direction numérique des ministères de l’Aménagement du territoire et de la Transition écologique, la direction numérique du ministère de l’Agriculture et de la souveraineté alimentaire, l’Institut national de l’information géographique et forestière, de mettre en avant six grandes thématiques pour cette édition 2025 :

  • Identité numérique
  • IA : Stratégie IA de l'Etat et initiatives produits IA de l'Etat
  • Des outils numériques souverains
  • Startups d'Etat concevoir des services numériques agiles et à impact
  • Transformation numérique des territoires
  • Stratégie Cloud de l'Etat
  • Cybersécurité

Découvrez la programmation détaillée

Pendant les 4 jours du salon, nos experts animeront différentes sessions sur des thématiques essentiels pour l’Agence, qui ont un impact significatif sur l’écosystème cyber français.

État des lieux de l’identité numérique en Europe

  • Jeudi 12 juin 2025 - 10h00
  • Samedi 14 juin 2025 – 14h00

Cybersécurité de l’IA

  • Mercredi 11 juin 2025 - 10h30
  • Jeudi 12 juin 2025 - 10h30
  • Vendredi 13 juin 2025 - 10h30 et 16h00
  • Samedi 14 juin - 10h30

La suite Cyber : l’offre de service numérique cyber souverain

  • Jeudi 12 juin 2025 - 14h00

SecNumCloud, un référentiel d’exigences pour des offres de services cloud

  • Mercredi 11 juin 2025 - 15h30
  • Jeudi 12 juin 2025 - 15h30
  • Vendredi 13 juin 2025 - 15h30

Directives NIS 2 – Focus sur les acteurs du numérique

  • Mercredi 11 juin - 16h00

Fri, 06 Jun 2025 07:25:00 GMT

read more

CVE-2025-5586 - WordPress Ajax Load More and Infinite Scroll Stored Cross-Site Scripting

CVE ID : CVE-2025-5586
Published : June 6, 2025, 7:15 a.m. | 3 hours, 54 minutes ago
Description : The WordPress Ajax Load More and Infinite Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-5686 - WordPress Paged Gallery Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5686
Published : June 6, 2025, 7:15 a.m. | 3 hours, 54 minutes ago
Description : The Paged Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gallery' shortcode in all versions up to, and including, 0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-5699 - WordPress Developer Formatter Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5699
Published : June 6, 2025, 7:15 a.m. | 3 hours, 54 minutes ago
Description : The Developer Formatter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS in all versions up to, and including, 2015.0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-5703 - "WordPress StageShow Stored Cross-Site Scripting Vulnerability"

CVE ID : CVE-2025-5703
Published : June 6, 2025, 7:15 a.m. | 3 hours, 54 minutes ago
Description : The StageShow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘anchor’ parameter in all versions up to, and including, 10.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-5727 - SourceCodester Student Result Management System Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5727
Published : June 6, 2025, 7:15 a.m. | 3 hours, 54 minutes ago
Description : A vulnerability classified as problematic has been found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /script/academic/announcement of the component Announcement Page. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-5728 - SourceCodester Open Source Clinic Management System Unrestricted File Upload Vulnerability

CVE ID : CVE-2025-5728
Published : June 6, 2025, 7:15 a.m. | 3 hours, 54 minutes ago
Description : A vulnerability classified as critical was found in SourceCodester Open Source Clinic Management System 1.0. This vulnerability affects unknown code of the file /manage_website.php. The manipulation of the argument website_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-5729 - Code-projects Health Center Patient Record Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5729
Published : June 6, 2025, 7:15 a.m. | 3 hours, 54 minutes ago
Description : A vulnerability, which was classified as critical, was found in code-projects Health Center Patient Record Management System 1.0. Affected is an unknown function of the file /birthing_record.php. The manipulation of the argument itr_no leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-5486 - WordPress WP Email Debug Privilege Escalation

CVE ID : CVE-2025-5486
Published : June 6, 2025, 7:15 a.m. | 3 hours, 13 minutes ago
Description : The WP Email Debug plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the WPMDBUG_handle_settings() function in versions 1.0 to 1.1.0. This makes it possible for unauthenticated attackers to enable debugging and send all emails to an attacker controlled address and then trigger a password reset for an administrator to gain access to an administrator account.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-5533 - WordPress Knowledge Base Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5533
Published : June 6, 2025, 7:15 a.m. | 3 hours, 13 minutes ago
Description : The Knowledge Base plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kbalert' shortcode in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-5534 - "ESV Bible Shortcode for WordPress Stored Cross-Site Scripting"

CVE ID : CVE-2025-5534
Published : June 6, 2025, 7:15 a.m. | 3 hours, 13 minutes ago
Description : The ESV Bible Shortcode for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'esv' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-5536 - Freemind Viewer Stored Cross-Site Scripting

CVE ID : CVE-2025-5536
Published : June 6, 2025, 7:15 a.m. | 3 hours, 13 minutes ago
Description : The Freemind Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'freemind' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-5538 - WordPress BNS Featured Category Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5538
Published : June 6, 2025, 7:15 a.m. | 3 hours, 13 minutes ago
Description : The BNS Featured Category plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bnsfc' shortcode in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-5541 - WordPress Runners Log Plugin Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5541
Published : June 6, 2025, 7:15 a.m. | 3 hours, 13 minutes ago
Description : The Runners Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'runnerslog' shortcode in all versions up to, and including, 3.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-5563 - WordPress WP-Addpub SQL Injection Vulnerability

CVE ID : CVE-2025-5563
Published : June 6, 2025, 7:15 a.m. | 3 hours, 13 minutes ago
Description : The WP-Addpub plugin for WordPress is vulnerable to SQL Injection via the 'wp-addpub' shortcode in all versions up to, and including, 1.2.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-5565 - WordPress Hide It Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5565
Published : June 6, 2025, 7:15 a.m. | 3 hours, 13 minutes ago
Description : The Hide It plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hideit' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-48911 - Citrix ShareFile Permission Vulnerability

CVE ID : CVE-2025-48911
Published : June 6, 2025, 7:15 a.m. | 1 hour, 39 minutes ago
Description : Vulnerability of improper permission assignment in the note sharing module Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-4964 - WordPress WP Online Users Stats SQL Injection

CVE ID : CVE-2025-4964
Published : June 6, 2025, 7:15 a.m. | 1 hour, 39 minutes ago
Description : The WP Online Users Stats plugin for WordPress is vulnerable to time-based SQL Injection via the ‘table_name’ parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Editor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-4966 - WordPress WP Online Users Stats CSRF

CVE ID : CVE-2025-4966
Published : June 6, 2025, 7:15 a.m. | 1 hour, 39 minutes ago
Description : The WP Online Users Stats plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation within the hk_dataset_results() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-5018 - WordPress Hive Support Plugin Unauthenticated Data Manipulation Vulnerability

CVE ID : CVE-2025-5018
Published : June 6, 2025, 7:15 a.m. | 1 hour, 39 minutes ago
Description : The Hive Support plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the hs_update_ai_chat_settings() and hive_lite_support_get_all_binbox() functions in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read and overwrite the site’s OpenAI API key and inspection data or modify AI-chat prompts and behavior. This vulnerability is potentially a duplicate of CVE-2025-32208 or/and CVE-2025-32242.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-5019 - Hive Support WordPress Cross-Site Request Forgery Vulnerability

CVE ID : CVE-2025-5019
Published : June 6, 2025, 7:15 a.m. | 1 hour, 39 minutes ago
Description : The Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the hs_update_ai_chat_settings() function. This makes it possible for unauthenticated attackers to reconfigure the plugin’s AI/chat settings (including API keys) and to potentially redirect notifications or leak data to attacker-controlled endpoints via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-48906 - DSoftBus Authentication Bypass Vulnerability

CVE ID : CVE-2025-48906
Published : June 6, 2025, 7:15 a.m. | 30 minutes ago
Description : Authentication bypass vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-48907 - Apache IPC Deserialization Vulnerability

CVE ID : CVE-2025-48907
Published : June 6, 2025, 7:15 a.m. | 30 minutes ago
Description : Deserialization vulnerability in the IPC module Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-48908 - "Ability Auto Startup Service Vulnerability in Foundation Process"

CVE ID : CVE-2025-48908
Published : June 6, 2025, 7:15 a.m. | 30 minutes ago
Description : Ability Auto Startup service vulnerability in the foundation process Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-48909 - Cisco ASA Authentication Bypass Vulnerability

CVE ID : CVE-2025-48909
Published : June 6, 2025, 7:15 a.m. | 30 minutes ago
Description : Bypass vulnerability in the device management channel Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-48910 - Apache DFile Buffer Overflow Vulnerability

CVE ID : CVE-2025-48910
Published : June 6, 2025, 7:15 a.m. | 30 minutes ago
Description : Buffer overflow vulnerability in the DFile module Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2023-2921 - WordPress Short URL SQL Injection Vulnerability

CVE ID : CVE-2023-2921
Published : June 6, 2025, 6:15 a.m. | 38 minutes ago
Description : The Short URL WordPress plugin through 1.6.8 does not properly sanitise and escape a parameter before using it in SQL statement, leading to a SQL injection exploitable by users with relatively low privilege on the site, like subscribers.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 06:15:00 GMT

read more

CVE-2025-1777 - WordPress BM Content Builder Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-1777
Published : June 6, 2025, 6:15 a.m. | 38 minutes ago
Description : The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'ux_cb_page_options_save' function in all versions up to, and including, 3.16.2.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 06:15:00 GMT

read more

CVE-2025-1778 - "WordPress Art Theme Unauthorized Theme Option Deletion Vulnerability"

CVE ID : CVE-2025-1778
Published : June 6, 2025, 6:15 a.m. | 38 minutes ago
Description : The Art Theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'arttheme_theme_option_restore' AJAX function in all versions up to, and including, 3.12.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete the theme option.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 06:15:00 GMT

read more

CVE-2025-5724 - SourceCodester Student Result Management System Cross Site Scripting Vulnerability

CVE ID : CVE-2025-5724
Published : June 6, 2025, 6:15 a.m. | 38 minutes ago
Description : A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /script/academic/subjects of the component Subjects Page. The manipulation of the argument Subject leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 06:15:00 GMT

read more

CVE-2025-5725 - SourceCodester Student Result Management System Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5725
Published : June 6, 2025, 6:15 a.m. | 38 minutes ago
Description : A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /script/academic/grading-system of the component Grading System Page. The manipulation of the argument Remark leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 06:15:00 GMT

read more

CVE-2025-5726 - SourceCodester Student Result Management System Cross-Site Scripting (XSS)

CVE ID : CVE-2025-5726
Published : June 6, 2025, 6:15 a.m. | 38 minutes ago
Description : A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /script/academic/division-system of the component Division System Page. The manipulation of the argument Division leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 06:15:00 GMT

read more

CVE-2025-36513 - i-PRO Co., Ltd. Surveillance Cameras CSRF Vulnerability

CVE ID : CVE-2025-36513
Published : June 6, 2025, 5:15 a.m. | 1 hour, 13 minutes ago
Description : Cross-site request forgery vulnerability exists in surveillance cameras provided by i-PRO Co., Ltd.. If a user views a crafted page while logged in to the affected product, unintended operations may be performed.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 05:15:00 GMT

read more

CVE-2025-5722 - SourceCodester Student Result Management System Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5722
Published : June 6, 2025, 5:15 a.m. | 1 hour, 13 minutes ago
Description : A vulnerability has been found in SourceCodester Student Result Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /script/academic/terms of the component Add Academic Term. The manipulation of the argument Academic Term leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 05:15:00 GMT

read more

CVE-2025-5723 - SourceCodester Student Result Management System Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5723
Published : June 6, 2025, 5:15 a.m. | 1 hour, 13 minutes ago
Description : A vulnerability was found in SourceCodester Student Result Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /script/academic/classes of the component Classes Page. The manipulation of the argument Class Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 05:15:00 GMT

read more

CVE-2025-5721 - SourceCodester Student Result Management System Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5721
Published : June 6, 2025, 4:16 a.m. | 2 hours, 13 minutes ago
Description : A vulnerability, which was classified as problematic, was found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /script/academic/core/update_profile of the component Profile Setting Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 04:16:00 GMT

read more

CVE-2025-5733 - WordPress Modern Events Calendar Lite Full Path Disclosure

CVE ID : CVE-2025-5733
Published : June 6, 2025, 4:16 a.m. | 2 hours, 12 minutes ago
Description : The Modern Events Calendar Lite plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 7.21.9. This is due improper or insufficient validation of the id property when exporting calendars. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 04:16:00 GMT

read more

CVE-2024-46941 - Samsung SystemUI Information Disclosure Vulnerability

CVE ID : CVE-2024-46941
Published : June 6, 2025, 4:15 a.m. | 2 hours, 13 minutes ago
Description : SystemUI has an incorrect component protection setting, which allows access to specific information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 04:15:00 GMT

read more

CVE-2025-5714 - SoluçõesCoop iSoluçõesWEB Profile Information Update Path Traversal Vulnerability

CVE ID : CVE-2025-5714
Published : June 6, 2025, 4:15 a.m. | 2 hours, 13 minutes ago
Description : A vulnerability was found in SoluçõesCoop iSoluçõesWEB up to 20250516. It has been classified as problematic. This affects an unknown part of the file /sys/up.upload.php of the component Profile Information Update. The manipulation of the argument nomeArquivo leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 04:15:00 GMT

read more

CVE-2025-5715 - Signal App Android Biometric Authentication Handler Authentication Bypass Vulnerability

CVE ID : CVE-2025-5715
Published : June 6, 2025, 4:15 a.m. | 2 hours, 13 minutes ago
Description : A vulnerability was found in Signal App 7.41.4 on Android. It has been declared as problematic. This vulnerability affects unknown code of the component Biometric Authentication Handler. The manipulation leads to missing critical step in authentication. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 3.8 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 04:15:00 GMT

read more

CVE-2025-5716 - SourceCodester Open Source Clinic Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5716
Published : June 6, 2025, 4:15 a.m. | 2 hours, 13 minutes ago
Description : A vulnerability classified as critical has been found in SourceCodester Open Source Clinic Management System 1.0. Affected is an unknown function of the file /login.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 04:15:00 GMT

read more

CVE-2025-5719 - PayPal Authentication Bypass

CVE ID : CVE-2025-5719
Published : June 6, 2025, 4:15 a.m. | 2 hours, 13 minutes ago
Description : The wallet has an authentication bypass vulnerability that allows access to specific pages.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 04:15:00 GMT

read more

CVE-2025-5711 - Real Estate Property Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5711
Published : June 6, 2025, 3:15 a.m. | 3 hours, 13 minutes ago
Description : A vulnerability, which was classified as critical, was found in code-projects Real Estate Property Management System 1.0. Affected is an unknown function of the file /Admin/InsertCity.php. The manipulation of the argument cmbState leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 03:15:00 GMT

read more

CVE-2025-5712 - SourceCodester Open Source Clinic Management System SQL Injection

CVE ID : CVE-2025-5712
Published : June 6, 2025, 3:15 a.m. | 3 hours, 13 minutes ago
Description : A vulnerability has been found in SourceCodester Open Source Clinic Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /appointment.php. The manipulation of the argument patient leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 03:15:00 GMT

read more

CVE-2025-5713 - SoluçõesCoop iSoluçõesWEB Flow Handler Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5713
Published : June 6, 2025, 3:15 a.m. | 3 hours, 13 minutes ago
Description : A vulnerability was found in SoluçõesCoop iSoluçõesWEB up to 20250519 and classified as problematic. Affected by this issue is some unknown functionality of the file /fluxos-dashboard of the component Flow Handler. The manipulation of the argument Descrição da solicitação leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 03:15:00 GMT

read more

CVE-2024-22330 - IBM Security Verify Governance Weak Password Enforcement Vulnerability

CVE ID : CVE-2024-22330
Published : June 6, 2025, 2:15 a.m. | 4 hours, 13 minutes ago
Description : IBM Security Verify Governance 10.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 02:15:00 GMT

read more

CVE-2024-56342 - IBM Verify Identity Access Digital Credentials Information Disclosure

CVE ID : CVE-2024-56342
Published : June 6, 2025, 2:15 a.m. | 4 hours, 13 minutes ago
Description : IBM Verify Identity Access Digital Credentials 24.06 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 02:15:00 GMT

read more

CVE-2024-56343 - IBM Verify Identity Access Digital Credentials Denial of Service

CVE ID : CVE-2024-56343
Published : June 6, 2025, 2:15 a.m. | 4 hours, 13 minutes ago
Description : IBM Verify Identity Access Digital Credentials 24.06 could allow an authenticated user to crash the service with a specially crafted POST request.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 02:15:00 GMT

read more

CVE-2025-5709 - Code-projects Real Estate Property Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5709
Published : June 6, 2025, 2:15 a.m. | 4 hours, 13 minutes ago
Description : A vulnerability classified as critical was found in code-projects Real Estate Property Management System 1.0. This vulnerability affects unknown code of the file /Admin/InsertCategory.php. The manipulation of the argument txtCategoryName leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 02:15:00 GMT

read more

CVE-2025-5710 - "Code-projects Real Estate Property Management System SQL Injection Vulnerability"

CVE ID : CVE-2025-5710
Published : June 6, 2025, 2:15 a.m. | 4 hours, 13 minutes ago
Description : A vulnerability, which was classified as critical, has been found in code-projects Real Estate Property Management System 1.0. This issue affects some unknown processing of the file /Admin/InsertState.php. The manipulation of the argument txtStateName leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 02:15:00 GMT

read more

CVE-2025-5706 - PHPGurukul Human Metapneumovirus Testing Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5706
Published : June 6, 2025, 1:15 a.m. | 5 hours, 13 minutes ago
Description : A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /new-user-testing.php. The manipulation of the argument state leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 01:15:00 GMT

read more

CVE-2025-5707 - PHPGurukul Human Metapneumovirus Testing Management System SQL Injection

CVE ID : CVE-2025-5707
Published : June 6, 2025, 1:15 a.m. | 5 hours, 13 minutes ago
Description : A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /registered-user-testing.php. The manipulation of the argument testtype leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 01:15:00 GMT

read more

CVE-2025-5708 - Real Estate Property Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5708
Published : June 6, 2025, 1:15 a.m. | 5 hours, 13 minutes ago
Description : A vulnerability classified as critical has been found in code-projects Real Estate Property Management System 1.0. This affects an unknown part of the file /Admin/NewsReport.php. The manipulation of the argument txtFrom leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 01:15:00 GMT

read more

CVE-2025-5705 - Code-Projects Real Estate Property Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5705
Published : June 6, 2025, 12:15 a.m. | 6 hours, 13 minutes ago
Description : A vulnerability was found in code-projects Real Estate Property Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /Admin/Property.php. The manipulation of the argument cmbCat leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 00:15:00 GMT

read more

CVE-2025-49012 - Microsoft Azure Entra ID Intune Himmelblau Privilege Escalation Vulnerability

CVE ID : CVE-2025-49012
Published : June 5, 2025, 11:15 p.m. | 7 hours, 13 minutes ago
Description : Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Himmelblau versions 0.9.0 through 0.9.14 and 1.00-alpha are vulnerable to a privilege escalation issue when Entra ID group-based access restrictions are configured using group display names instead of object IDs. Starting in version 0.9.0, Himmelblau introduced support for specifying group names in the `pam_allow_groups` configuration option. However, Microsoft Entra ID permits the creation of multiple groups with the same `displayName` via the Microsoft Graph API—even by non-admin users, depending on tenant settings. As a result, a user could create a personal group with the same name as a legitimate access group (e.g., `"Allow-Linux-Login"`), add themselves to it, and be granted authentication or `sudo` rights by Himmelblau. Because affected Himmelblau versions compare group names by either `displayName` or by the immutable `objectId`, this allows bypassing access control mechanisms intended to restrict login to members of official, centrally-managed groups. This issue is fixed in Himmelblau version **0.9.15** and later. In these versions, group name matching in `pam_allow_groups` has been deprecated and removed, and only group `objectId`s (GUIDs) may be specified for secure group-based filtering. To mitigate the issue without upgrading, replace all entries in `pam_allow_groups` with the objectId of the target Entra ID group(s) and/or audit your tenant for groups with duplicate display names using the Microsoft Graph API.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 23:15:00 GMT

read more

CVE-2025-5704 - "Code-projects Real Estate Property Management System SQL Injection Vulnerability"

CVE ID : CVE-2025-5704
Published : June 5, 2025, 11:15 p.m. | 7 hours, 13 minutes ago
Description : A vulnerability was found in code-projects Real Estate Property Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /Admin/User.php. The manipulation of the argument txtUserName leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 23:15:00 GMT

read more

CVE-2025-5698 - Brilliance Golden Link Secondary System SQL Injection Vulnerability

CVE ID : CVE-2025-5698
Published : June 5, 2025, 10:15 p.m. | 8 hours, 13 minutes ago
Description : A vulnerability, which was classified as critical, was found in Brilliance Golden Link Secondary System up to 20250424. Affected is an unknown function of the file /sysframework/logSelect.htm. The manipulation of the argument nodename leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 22:15:00 GMT

read more

CVE-2025-5696 - Brilliance Golden Link Secondary System SQL Injection Vulnerability

CVE ID : CVE-2025-5696
Published : June 5, 2025, 10:15 p.m. | 6 hours, 54 minutes ago
Description : A vulnerability classified as critical was found in Brilliance Golden Link Secondary System up to 20250424. This vulnerability affects unknown code of the file /storagework/rentChangeCheckInfoPage.htm. The manipulation of the argument clientname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 22:15:00 GMT

read more

CVE-2025-5697 - Brilliance Golden Link Secondary System SQL Injection Vulnerability

CVE ID : CVE-2025-5697
Published : June 5, 2025, 10:15 p.m. | 6 hours, 54 minutes ago
Description : A vulnerability, which was classified as critical, has been found in Brilliance Golden Link Secondary System up to 20250424. This issue affects some unknown processing of the file /reprotframework/tcCustDeferPosiQuery.htm. The manipulation of the argument custTradeId leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 22:15:00 GMT

read more

CVE-2025-5695 - FLIR AX8 Command Injection Vulnerability

CVE ID : CVE-2025-5695
Published : June 5, 2025, 9:15 p.m. | 7 hours, 54 minutes ago
Description : A vulnerability classified as critical has been found in FLIR AX8 up to 1.46.16. This affects the function subscribe_to_spot/subscribe_to_delta/subscribe_to_alarm of the file /usr/www/application/models/subscriptions.php of the component Backend. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.55.16 is able to address this issue. It is recommended to upgrade the affected component.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 21:15:00 GMT

read more

CVE-2025-47966 - Power Automate Privilege Escalation Information Exposure

CVE ID : CVE-2025-47966
Published : June 5, 2025, 9:15 p.m. | 6 hours, 29 minutes ago
Description : Exposure of sensitive information to an unauthorized actor in Power Automate allows an unauthorized attacker to elevate privileges over a network.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 21:15:00 GMT

read more

CVE-2025-48133 - Uncanny Owl Uncanny Automator Missing Authorization Vulnerability

CVE ID : CVE-2025-48133
Published : June 5, 2025, 9:15 p.m. | 6 hours, 29 minutes ago
Description : Missing Authorization vulnerability in Uncanny Owl Uncanny Automator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Automator: from n/a through 6.4.0.2.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 21:15:00 GMT

read more

CVE-2025-5694 - PHPGurukul Human Metapneumovirus Testing Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5694
Published : June 5, 2025, 9:15 p.m. | 6 hours, 29 minutes ago
Description : A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /search-report-result.php. The manipulation of the argument serachdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 21:15:00 GMT

read more

CVE-2025-5680 - Shenzhen Dashi Tongzhou Information Technology AgileBPM Groovy Script Handler Remote Deserialization Vulnerability

CVE ID : CVE-2025-5680
Published : June 5, 2025, 8:15 p.m. | 7 hours, 29 minutes ago
Description : A vulnerability classified as critical was found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 2.5.0. Affected by this vulnerability is the function executeScript of the file /src/main/java/com/dstz/sys/rest/controller/SysScriptController.java of the component Groovy Script Handler. The manipulation of the argument script leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 20:15:00 GMT

read more

CVE-2025-5685 - Tenda CH22 Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-5685
Published : June 5, 2025, 8:15 p.m. | 7 hours, 29 minutes ago
Description : A vulnerability, which was classified as critical, was found in Tenda CH22 1.0.0.1. This affects the function formNatlimit of the file /goform/Natlimit. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 20:15:00 GMT

read more

CVE-2025-5693 - PHPGurukul Human Metapneumovirus Testing Management System SQL Injection

CVE ID : CVE-2025-5693
Published : June 5, 2025, 8:15 p.m. | 7 hours, 29 minutes ago
Description : A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /bwdates-report-result.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 20:15:00 GMT

read more

CVE-2025-5745 - IBM Power10 GNU C Library Unpredictable String Comparison Vulnerability

CVE ID : CVE-2025-5745
Published : June 5, 2025, 8:15 p.m. | 7 hours, 29 minutes ago
Description : The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.
Severity: 5.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 20:15:00 GMT

read more

CVE-2025-43026 - HP Support Assistant Privilege Escalation Vulnerability

CVE ID : CVE-2025-43026
Published : June 5, 2025, 8:15 p.m. | 6 hours, 38 minutes ago
Description : A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.44.18.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 20:15:00 GMT

read more

CVE-2025-5679 - Shenzhen Dashi Tongzhou Information Technology AgileBPM Deserialization Remote Code Execution Vulnerability

CVE ID : CVE-2025-5679
Published : June 5, 2025, 7:15 p.m. | 7 hours, 38 minutes ago
Description : A vulnerability classified as critical has been found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 2.5.0. Affected is the function parseStrByFreeMarker of the file /src/main/java/com/dstz/sys/rest/controller/SysToolsController.java. The manipulation of the argument str leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 19:15:00 GMT

read more

CVE-2025-5702 - IBM Power10 GNU C Library Uninitialized Register Use

CVE ID : CVE-2025-5702
Published : June 5, 2025, 7:15 p.m. | 7 hours, 38 minutes ago
Description : The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.
Severity: 5.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 19:15:00 GMT

read more

CVE-2025-5674 - "Code-Projects Patient Record Management System SQL Injection Vulnerability"

CVE ID : CVE-2025-5674
Published : June 5, 2025, 7:15 p.m. | 4 hours, 18 minutes ago
Description : A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file urinalysis_form.php. The manipulation of the argument urinalysis_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 19:15:00 GMT

read more

CVE-2025-5675 - Campcodes Online Teacher Record Management System SQL Injection

CVE ID : CVE-2025-5675
Published : June 5, 2025, 7:15 p.m. | 4 hours, 18 minutes ago
Description : A vulnerability was found in Campcodes Online Teacher Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file /trms/admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 19:15:00 GMT

read more

CVE-2025-5676 - Campcodes Online Recruitment Management System SQL Injection

CVE ID : CVE-2025-5676
Published : June 5, 2025, 7:15 p.m. | 4 hours, 18 minutes ago
Description : A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/ajax.php?action=login. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 19:15:00 GMT

read more

CVE-2025-5677 - Campcodes Online Recruitment Management System SQL Injection

CVE ID : CVE-2025-5677
Published : June 5, 2025, 7:15 p.m. | 4 hours, 18 minutes ago
Description : A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/ajax.php?action=save_application. The manipulation of the argument position_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 19:15:00 GMT

read more

CVE-2025-46257 - BdThemes Element Pack Pro CSRF Vulnerability

CVE ID : CVE-2025-46257
Published : June 5, 2025, 6:15 p.m. | 5 hours, 18 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in BdThemes Element Pack Pro allows Cross Site Request Forgery.This issue affects Element Pack Pro: from n/a before 8.0.0.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 18:15:00 GMT

read more

CVE-2025-46258 - BdThemes Element Pack Pro Missing Authorization Vulnerability

CVE ID : CVE-2025-46258
Published : June 5, 2025, 6:15 p.m. | 5 hours, 18 minutes ago
Description : Missing Authorization vulnerability in BdThemes Element Pack Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Element Pack Pro: from n/a before 8.0.0.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 18:15:00 GMT

read more

CVE-2025-5671 - TOTOLINK N302R Plus HTTP POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5671
Published : June 5, 2025, 6:15 p.m. | 5 hours, 18 minutes ago
Description : A vulnerability, which was classified as critical, was found in TOTOLINK N302R Plus up to 3.4.0-B20201028. Affected is an unknown function of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 18:15:00 GMT

read more

CVE-2025-5672 - TOTOLINK N302R Plus HTTP POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5672
Published : June 5, 2025, 6:15 p.m. | 5 hours, 18 minutes ago
Description : A vulnerability has been found in TOTOLINK N302R Plus up to 3.4.0-B20201028 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 18:15:00 GMT

read more

CVE-2025-5670 - PHPGurukul Medical Card Generation System SQL Injection

CVE ID : CVE-2025-5670
Published : June 5, 2025, 5:15 p.m. | 6 hours, 18 minutes ago
Description : A vulnerability, which was classified as critical, has been found in PHPGurukul Medical Card Generation System 1.0. This issue affects some unknown processing of the file /admin/manage-card.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 17:15:00 GMT

read more

CVE-2025-48493 - "Redis AUTH Credentials Exposed in Yii Logs"

CVE ID : CVE-2025-48493
Published : June 5, 2025, 5:15 p.m. | 5 hours, 13 minutes ago
Description : The Yii 2 Redis extension provides the redis key-value store support for the Yii framework 2.0. On failing connection, the extension writes commands sequence to logs. Prior to version 2.0.20, AUTH parameters are written in plain text exposing username and password. That might be an issue if attacker has access to logs. Version 2.0.20 fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 17:15:00 GMT

read more

CVE-2025-49009 - Facebook Para Facebook Auth Token Information Disclosure

CVE ID : CVE-2025-49009
Published : June 5, 2025, 5:15 p.m. | 5 hours, 13 minutes ago
Description : Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 in `FacebookAuthFilter.java` results in a full request URL being logged during a failed request to a Facebook user profile. The log includes the user's access token in plain text. Since WARN-level logs are often retained in production and accessible to operators or log aggregation systems, this poses a risk of token exposure. Version 1.50.8 fixes the issue.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 17:15:00 GMT

read more

CVE-2025-5668 - PHPGurukul Medical Card Generation System SQL Injection Vulnerability

CVE ID : CVE-2025-5668
Published : June 5, 2025, 5:15 p.m. | 5 hours, 13 minutes ago
Description : A vulnerability classified as critical has been found in PHPGurukul Medical Card Generation System 1.0. This affects an unknown part of the file /admin/readenq.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 17:15:00 GMT

read more

CVE-2025-5669 - PHPGurukul Medical Card Generation System SQL Injection

CVE ID : CVE-2025-5669
Published : June 5, 2025, 5:15 p.m. | 5 hours, 13 minutes ago
Description : A vulnerability classified as critical was found in PHPGurukul Medical Card Generation System 1.0. This vulnerability affects unknown code of the file /admin/unreadenq.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 17:15:00 GMT

read more

CVE-2025-5667 - FreeFloat FTP Server REIN Command Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5667
Published : June 5, 2025, 4:15 p.m. | 6 hours, 13 minutes ago
Description : A vulnerability was found in FreeFloat FTP Server 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component REIN Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 16:15:00 GMT

read more

CVE-2025-5666 - FreeFloat FTP Server XMKD Command Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5666
Published : June 5, 2025, 4:15 p.m. | 4 hours, 53 minutes ago
Description : A vulnerability was found in FreeFloat FTP Server 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component XMKD Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 16:15:00 GMT

read more

CVE-2025-5664 - FreeFloat FTP Server Buffer Overflow Vulnerability

CVE ID : CVE-2025-5664
Published : June 5, 2025, 3:15 p.m. | 5 hours, 53 minutes ago
Description : A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. This issue affects some unknown processing of the component RESTART Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 15:15:00 GMT

read more

CVE-2025-5665 - FreeFloat FTP Server XCWD Command Handler Buffer Overflow

CVE ID : CVE-2025-5665
Published : June 5, 2025, 3:15 p.m. | 5 hours, 53 minutes ago
Description : A vulnerability was found in FreeFloat FTP Server 1.0. It has been classified as critical. Affected is an unknown function of the component XCWD Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 15:15:00 GMT

read more

CVE-2025-5663 - PHPGurukul Auto Taxi Stand Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5663
Published : June 5, 2025, 2:15 p.m. | 6 hours, 53 minutes ago
Description : A vulnerability has been found in PHPGurukul Auto Taxi Stand Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/search-autoortaxi.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 14:15:00 GMT

read more

CVE-2025-30084 - Joomla RSMail! Stored XSS

CVE ID : CVE-2025-30084
Published : June 5, 2025, 2:15 p.m. | 6 hours, 13 minutes ago
Description : A stored XSS vulnerability in RSMail! component 1.19.20 - 1.22.26 for Joomla was discovered. The issue occurs within the dashboard component, where user-supplied input is not properly sanitized before being stored and rendered. An attacker can inject malicious JavaScript code into text fields or other input points, which is subsequently executed in the browser of any user who clicks on the crafted text in the dashboard.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 14:15:00 GMT

read more

CVE-2025-3768 - Devolutions Server Tor Network Bypass Vulnerability

CVE ID : CVE-2025-3768
Published : June 5, 2025, 2:15 p.m. | 6 hours, 13 minutes ago
Description : Improper access control in Tor network blocking feature in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the tor blocking feature when the Devolutions hosted endpoint is not reachable.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 14:15:00 GMT

read more

CVE-2025-47827 - IGEL OS Boot Signature Verification Bypass

CVE ID : CVE-2025-47827
Published : June 5, 2025, 2:15 p.m. | 6 hours, 13 minutes ago
Description : In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 14:15:00 GMT

read more

CVE-2025-5382 - Devolutions Server Access Control Bypass

CVE ID : CVE-2025-5382
Published : June 5, 2025, 2:15 p.m. | 6 hours, 13 minutes ago
Description : Improper access control in users MFA feature in Devolutions Server 2025.1.7.0 and earlier allows a user with user management permission to remove or change administrators MFA.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 14:15:00 GMT

read more

CVE-2025-5661 - "Traffic Offense Reporting System XSS Vulnerability"

CVE ID : CVE-2025-5661
Published : June 5, 2025, 2:15 p.m. | 6 hours, 13 minutes ago
Description : A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part of the file /save-settings.php of the component Setting Handler. The manipulation of the argument site_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 14:15:00 GMT

read more

CVE-2025-0691 - Devolutions Server Access Control Bypass

CVE ID : CVE-2025-0691
Published : June 5, 2025, 2:15 p.m. | 3 hours, 29 minutes ago
Description : Improper access control in permissions component in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the "Edit permission" permission by bypassing the client side validation.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 14:15:00 GMT

read more

CVE-2025-27445 - RSFirewall Joomla Path Traversal Vulnerability

CVE ID : CVE-2025-27445
Published : June 5, 2025, 2:15 p.m. | 3 hours, 29 minutes ago
Description : A path traversal vulnerability in RSFirewall component 2.9.7 - 3.1.5 for Joomla was discovered. This vulnerability allows authenticated users to read arbitrary files outside the Joomla root directory. The flaw is caused by insufficient sanitization of user-supplied input in file path parameters, allowing attackers to exploit directory traversal sequences (e.g., ../) to access sensitive files
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 14:15:00 GMT

read more

CVE-2025-27753 - Joomla RSMediaGallery SQL Injection

CVE ID : CVE-2025-27753
Published : June 5, 2025, 2:15 p.m. | 3 hours, 29 minutes ago
Description : A SQLi vulnerability in RSMediaGallery component 1.7.4 - 2.1.6 for Joomla was discovered. The vulnerability is due to the use of unescaped user-supplied parameters in SQL queries within the dashboard component. This allows an authenticated attacker to inject malicious SQL code through unsanitized input fields, which are used directly in SQL queries. Exploiting this flaw can lead to unauthorized database access, data leakage, or modification of records.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 14:15:00 GMT

read more

CVE-2025-27754 - Joomla RSBlog! Stored Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-27754
Published : June 5, 2025, 2:15 p.m. | 3 hours, 29 minutes ago
Description : A stored XSS vulnerability in RSBlog! component 1.11.6 - 1.14.4 for Joomla was discovered. The vulnerability allows authenticated users to inject malicious JavaScript into the plugin's resource. The injected payload is stored by the application and later executed when other users view the affected content.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 14:15:00 GMT

read more

CVE-2025-5658 - PHPGurukul Complaint Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5658
Published : June 5, 2025, 1:15 p.m. | 4 hours, 29 minutes ago
Description : A vulnerability classified as critical has been found in PHPGurukul Complaint Management System 2.0. Affected is an unknown function of the file /admin/updatecomplaint.php. The manipulation of the argument Status leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 13:15:00 GMT

read more

CVE-2025-5659 - PHPGurukul Complaint Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5659
Published : June 5, 2025, 1:15 p.m. | 4 hours, 29 minutes ago
Description : A vulnerability classified as critical was found in PHPGurukul Complaint Management System 2.0. Affected by this vulnerability is an unknown functionality of the file /user/profile.php. The manipulation of the argument pincode leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 13:15:00 GMT

read more

CVE-2025-5660 - PHPGurukul Complaint Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5660
Published : June 5, 2025, 1:15 p.m. | 4 hours, 29 minutes ago
Description : A vulnerability, which was classified as critical, has been found in PHPGurukul Complaint Management System 2.0. Affected by this issue is some unknown functionality of the file /user/register-complaint.php. The manipulation of the argument noc leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 13:15:00 GMT

read more

CVE-2025-5656 - PHPGurukul Complaint Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5656
Published : June 5, 2025, 12:15 p.m. | 5 hours, 29 minutes ago
Description : A vulnerability was found in PHPGurukul Complaint Management System 2.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/edit-category.php. The manipulation of the argument description leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 12:15:00 GMT

read more

CVE-2025-5657 - PHPGurukul Complaint Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5657
Published : June 5, 2025, 12:15 p.m. | 5 hours, 29 minutes ago
Description : A vulnerability was found in PHPGurukul Complaint Management System 2.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/manage-users.php. The manipulation of the argument uid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 12:15:00 GMT

read more

CVE-2025-5701 - HyperComments WordPress Privilege Escalation Vulnerability

CVE ID : CVE-2025-5701
Published : June 5, 2025, 12:15 p.m. | 5 hours, 29 minutes ago
Description : The HyperComments plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hc_request_handler function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 12:15:00 GMT

read more

CVE-2011-10007 - Apache::FileFind::Rule Arbitrary Code Execution Vulnerability

CVE ID : CVE-2011-10007
Published : June 5, 2025, 12:15 p.m. | 5 hours, 13 minutes ago
Description : File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted filename. A file handle is opened with the 2 argument form of `open()` allowing an attacker controlled filename to provide the MODE parameter to `open()`, turning the filename into a command to be executed. Example: $ mkdir /tmp/poc; echo > "/tmp/poc/|id" $ perl -MFile::Find::Rule \     -E 'File::Find::Rule->grep("foo")->in("/tmp/poc")' uid=1000(user) gid=1000(user) groups=1000(user),100(users)
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 12:15:00 GMT

read more

CVE-2025-5341 - Forminator Forms Stored Cross-Site Scripting (XSS)

CVE ID : CVE-2025-5341
Published : June 5, 2025, 12:15 p.m. | 5 hours, 13 minutes ago
Description : The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id' and 'data-size’ parameters in all versions up to, and including, 1.44.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 12:15:00 GMT

read more

Retour sur le webinaire « Comment se faire labelliser ExpertCyber ? »

Organisé le 3 juin 2025, le webinaire « Comment se faire labelliser ExpertCyber ? » avait pour objectif de présenter les enjeux et modalités de la labellisation ExpertCyber, destinée aux prestataires de services informatique justifiant d’une expertise en cybersécurité.

Thu, 05 Jun 2025 12:02:00 GMT

read more

CVE-2025-5653 - PHPGurukul Complaint Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5653
Published : June 5, 2025, 11:15 a.m. | 6 hours, 13 minutes ago
Description : A vulnerability has been found in PHPGurukul Complaint Management System 2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/between-date-userreport.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 11:15:00 GMT

read more

CVE-2025-5654 - PHPGurukul Complaint Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5654
Published : June 5, 2025, 11:15 a.m. | 6 hours, 13 minutes ago
Description : A vulnerability was found in PHPGurukul Complaint Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/edit-state.php. The manipulation of the argument description leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 11:15:00 GMT

read more

CVE-2025-5655 - PHPGurukul Complaint Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5655
Published : June 5, 2025, 11:15 a.m. | 6 hours, 13 minutes ago
Description : A vulnerability was found in PHPGurukul Complaint Management System 2.0. It has been classified as critical. This affects an unknown part of the file /admin/edit-subcategory.php. The manipulation of the argument subcategory leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 11:15:00 GMT

read more

CVE-2025-5651 - "Traffic Offense Reporting System Cross-Site Scripting Vulnerability"

CVE ID : CVE-2025-5651
Published : June 5, 2025, 10:15 a.m. | 6 hours, 13 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in code-projects Traffic Offense Reporting System 1.0. This issue affects some unknown processing of the file saveuser.php. The manipulation of the argument user_id/username/email/name/position leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 10:15:00 GMT

read more

CVE-2025-5652 - PHPGurukul Complaint Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5652
Published : June 5, 2025, 10:15 a.m. | 6 hours, 13 minutes ago
Description : A vulnerability, which was classified as critical, was found in PHPGurukul Complaint Management System 2.0. Affected is an unknown function of the file /admin/between-date-complaintreport.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 10:15:00 GMT

read more

CVE-2025-4568 - Apache HTTP Server Blind SQL Injection

CVE ID : CVE-2025-4568
Published : June 5, 2025, 10:15 a.m. | 4 hours, 13 minutes ago
Description : Improper neutralization of input provided by an unauthorized user into changes__reference_id parameter in URL allows for boolean-based Blind SQL Injection attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 10:15:00 GMT

read more

CVE-2025-5650 - 1000projects Online Notice Board SQL Injection Vulnerability

CVE ID : CVE-2025-5650
Published : June 5, 2025, 10:15 a.m. | 4 hours, 13 minutes ago
Description : A vulnerability classified as critical was found in 1000projects Online Notice Board 1.0. This vulnerability affects unknown code of the file /register.php. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 10:15:00 GMT

read more

CVE-2025-5647 - Radare2 Radiff2 Memory Corruption Vulnerability

CVE ID : CVE-2025-5647
Published : June 5, 2025, 9:15 a.m. | 5 hours, 13 minutes ago
Description : A vulnerability was found in Radare2 5.9.9 and classified as problematic. This issue affects the function r_cons_context_break_pop in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is named 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 09:15:00 GMT

read more

CVE-2025-5648 - Radare2 Buffer Overflow in r_cons_pal_init

CVE ID : CVE-2025-5648
Published : June 5, 2025, 9:15 a.m. | 5 hours, 13 minutes ago
Description : A vulnerability was found in Radare2 5.9.9. It has been classified as problematic. Affected is the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 09:15:00 GMT

read more

CVE-2025-5649 - SourceCodester Student Result Management System Remote Access Control Bypass

CVE ID : CVE-2025-5649
Published : June 5, 2025, 9:15 a.m. | 5 hours, 13 minutes ago
Description : A vulnerability classified as critical has been found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /admin/core/new_user of the component Register Interface. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 09:15:00 GMT

read more

Soldes drsquo;été : 7 conseils pour éviter les cyber-arnaques

Durant les périodes promotionnelles, Cybermalveillance.gouv.fr appelle à la plus grande vigilance et délivre 7 conseils pour éviter de se faire escroquer.

Thu, 05 Jun 2025 09:00:00 GMT

read more

Lettres drsquo;information

Actualités, contenus et ressources thématiques pour vous sensibiliser aux risques numériques et aux bonnes pratiques associées, informations sur les cybermenaces… Retrouvez dans cette section les lettres d’informations de Cybermalveillance.gouv.fr.

Thu, 05 Jun 2025 09:00:00 GMT

read more

CVE-2025-5645 - Radare2 r_cons_pal_init Memory Corruption Vulnerability

CVE ID : CVE-2025-5645
Published : June 5, 2025, 8:15 a.m. | 6 hours, 13 minutes ago
Description : A vulnerability, which was classified as problematic, was found in Radare2 5.9.9. This affects the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 08:15:00 GMT

read more

CVE-2025-5646 - "Radare2 Rainbow Free Memory Corruption Vulnerability"

CVE ID : CVE-2025-5646
Published : June 5, 2025, 8:15 a.m. | 6 hours, 13 minutes ago
Description : A vulnerability has been found in Radare2 5.9.9 and classified as problematic. This vulnerability affects the function r_cons_rainbow_free in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is identified as 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 08:15:00 GMT

read more

CVE-2025-5641 - "Radare2 Memory Corruption Vulnerability in r_cons_is_breaked Function"

CVE ID : CVE-2025-5641
Published : June 5, 2025, 7:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability was found in Radare2 5.9.9. It has been rated as problematic. This issue affects the function r_cons_is_breaked in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". An additional warning regarding threading support has been added.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 07:15:00 GMT

read more

CVE-2025-5642 - Radare2 radiff2 Memory Corruption Vulnerability

CVE ID : CVE-2025-5642
Published : June 5, 2025, 7:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability classified as problematic has been found in Radare2 5.9.9. Affected is the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation leads to memory corruption. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is identified as 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 07:15:00 GMT

read more

CVE-2025-5643 - "Radare2 Local Memory Corruption Vulnerability"

CVE ID : CVE-2025-5643
Published : June 5, 2025, 7:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability classified as problematic was found in Radare2 5.9.9. Affected by this vulnerability is the function cons_stack_load in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is named 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 07:15:00 GMT

read more

CVE-2025-5644 - Radare2 Use After Free Vulnerability in r_cons_flush Function

CVE ID : CVE-2025-5644
Published : June 5, 2025, 7:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in Radare2 5.9.9. Affected by this issue is the function r_cons_flush in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to use after free. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 07:15:00 GMT

read more

CVE-2025-5683 - Qt QImage ICNS Format Image File Buffer Overflow

CVE ID : CVE-2025-5683
Published : June 5, 2025, 6:15 a.m. | 8 hours, 13 minutes ago
Description : When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash. This issue affects Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0. This is fixed in 6.5.10, 6.8.5 and 6.9.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 06:15:00 GMT

read more

CVE-2025-3055 - WordPress User Frontend Pro File Deletion Vulnerability

CVE ID : CVE-2025-3055
Published : June 5, 2025, 6:15 a.m. | 6 hours, 38 minutes ago
Description : The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_avatar_ajax() function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 06:15:00 GMT

read more

CVE-2025-5639 - PHPGurukul Notice Board System SQL Injection Vulnerability

CVE ID : CVE-2025-5639
Published : June 5, 2025, 6:15 a.m. | 6 hours, 38 minutes ago
Description : A vulnerability was found in PHPGurukul Notice Board System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /forgot-password.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 06:15:00 GMT

read more

CVE-2025-5640 - "PX4-Autopilot MavlinkReceiver Stack-Based Buffer Overflow Vulnerability"

CVE ID : CVE-2025-5640
Published : June 5, 2025, 6:15 a.m. | 6 hours, 38 minutes ago
Description : A vulnerability was found in PX4-Autopilot 1.12.3. It has been classified as problematic. This affects the function MavlinkReceiver::handle_message_trajectory_representation_waypoints of the file mavlink_receiver.cpp of the component TRAJECTORY_REPRESENTATION_WAYPOINTS Message Handler. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 06:15:00 GMT

read more

CVE-2025-3054 - WordPress WP User Frontend Pro Plugin Arbitrary File Upload Vulnerability

CVE ID : CVE-2025-3054
Published : June 5, 2025, 6:15 a.m. | 6 hours, 13 minutes ago
Description : The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Please note that this requires the 'Private Message' module to be enabled and the Business version of the PRO software to be in use.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 06:15:00 GMT

read more

CVE-2025-1793 - AWS Run-llama SQL Injection Vulnerability

CVE ID : CVE-2025-1793
Published : June 5, 2025, 5:15 a.m. | 7 hours, 13 minutes ago
Description : Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the llama-index library in a web application.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 05:15:00 GMT

read more

CVE-2025-5636 - PCMan FTP Server Buffer Overflow Vulnerability

CVE ID : CVE-2025-5636
Published : June 5, 2025, 5:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. This issue affects some unknown processing of the component SET Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 05:15:00 GMT

read more

CVE-2025-5637 - PCMan FTP Server SYSTEM Command Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5637
Published : June 5, 2025, 5:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability, which was classified as critical, was found in PCMan FTP Server 2.0.7. Affected is an unknown function of the component SYSTEM Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 05:15:00 GMT

read more

CVE-2025-5638 - PHPGurukul Notice Board System SQL Injection Vulnerability

CVE ID : CVE-2025-5638
Published : June 5, 2025, 5:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability has been found in PHPGurukul Notice Board System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin-profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 05:15:00 GMT

read more

CVE-2025-5633 - Content Management System and News-Buzz SQL Injection Vulnerability

CVE ID : CVE-2025-5633
Published : June 5, 2025, 4:15 a.m. | 6 hours, 37 minutes ago
Description : A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/users.php. The manipulation of the argument delete leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 04:15:00 GMT

read more

CVE-2025-5634 - PCMan FTP Server NOOP Command Handler Buffer Overflow

CVE ID : CVE-2025-5634
Published : June 5, 2025, 4:15 a.m. | 6 hours, 37 minutes ago
Description : A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. This affects an unknown part of the component NOOP Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 04:15:00 GMT

read more

CVE-2025-5635 - PCMan FTP Server PLS Command Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5635
Published : June 5, 2025, 4:15 a.m. | 6 hours, 37 minutes ago
Description : A vulnerability classified as critical was found in PCMan FTP Server 2.0.7. This vulnerability affects unknown code of the component PLS Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 04:15:00 GMT

read more

CVE-2025-5632 - Content-Management-System News-Buzz SQL Injection Vulnerability

CVE ID : CVE-2025-5632
Published : June 5, 2025, 4:15 a.m. | 6 hours, 12 minutes ago
Description : A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/users.php. The manipulation of the argument change_to_admin leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 04:15:00 GMT

read more

CVE-2025-5629 - Tenda AC10 HTTP Handler PPTP Server Buffer Overflow Vulnerability

CVE ID : CVE-2025-5629
Published : June 5, 2025, 3:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability, which was classified as critical, was found in Tenda AC10 up to 15.03.06.47. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg of the component HTTP Handler. The manipulation of the argument startIp/endIp leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 03:15:00 GMT

read more

CVE-2025-5630 - D-Link DIR-816 Remote Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-5630
Published : June 5, 2025, 3:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. This vulnerability affects unknown code of the file /goform/form2lansetup.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 03:15:00 GMT

read more

CVE-2025-5631 - Content Management System and News-Buzz SQL Injection Vulnerability

CVE ID : CVE-2025-5631
Published : June 5, 2025, 3:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been classified as critical. Affected is an unknown function of the file /publicposts.php. The manipulation of the argument post leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 03:15:00 GMT

read more

CVE-2025-48432 - Apache Django Log Injection Vulnerability

CVE ID : CVE-2025-48432
Published : June 5, 2025, 3:15 a.m. | 5 hours, 53 minutes ago
Description : An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 03:15:00 GMT

read more

CVE-2025-49466 - AERC Directory Traversal Vulnerability

CVE ID : CVE-2025-49466
Published : June 5, 2025, 3:15 a.m. | 5 hours, 53 minutes ago
Description : aerc before 93bec0d allows directory traversal in commands/msgview/open.go because of direct path concatenation of the name of an attachment part,
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 03:15:00 GMT

read more

CVE-2025-5628 - SourceCodester Food Menu Manager Cross Site Scripting (XSS)

CVE ID : CVE-2025-5628
Published : June 5, 2025, 2:15 a.m. | 6 hours, 53 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in SourceCodester Food Menu Manager 1.0. Affected by this issue is some unknown functionality of the file /index.php of the component Add Menu Handler. The manipulation of the argument name/description leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 02:15:00 GMT

read more

CVE-2025-5626 - Campcodes Online Teacher Record Management System SQL Injection

CVE ID : CVE-2025-5626
Published : June 5, 2025, 1:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability classified as critical has been found in Campcodes Online Teacher Record Management System 1.0. Affected is an unknown function of the file /admin/edit-subjects-detail.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 01:15:00 GMT

read more

CVE-2025-5627 - "Code-projects Patient Record Management System SQL Injection Vulnerability"

CVE ID : CVE-2025-5627
Published : June 5, 2025, 1:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability classified as critical was found in code-projects Patient Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /sputum_form.php. The manipulation of the argument itr_no leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 01:15:00 GMT

read more

CVE-2025-49008 - Atheos Command Injection Vulnerability

CVE ID : CVE-2025-49008
Published : June 5, 2025, 1:15 a.m. | 5 hours, 13 minutes ago
Description : Atheos is a self-hosted browser-based cloud integrated development environment. Prior to version 6.0.4, improper use of `escapeshellcmd()` in `/components/codegit/traits/execute.php` allows argument injection, leading to arbitrary command execution. Atheos administrators and users of vulnerable versions are at risk of data breaches or server compromise. Version 6.0.4 introduces a `Common::safe_execute` function that sanitizes all arguments using `escapeshellarg()` prior to execution and migrated all components potentially vulnerable to similar exploits to use this new templated execution system.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 01:15:00 GMT

read more

CVE-2025-5624 - "D-Link DIR-816 Stack-Based Buffer Overflow Vulnerability"

CVE ID : CVE-2025-5624
Published : June 5, 2025, 1:15 a.m. | 5 hours, 13 minutes ago
Description : A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been declared as critical. This vulnerability affects the function QoSPortSetup of the file /goform/QoSPortSetup. The manipulation of the argument port0_group/port0_remarker/ssid0_group/ssid0_remarker leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 01:15:00 GMT

read more

CVE-2025-5625 - Campcodes Online Teacher Record Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5625
Published : June 5, 2025, 1:15 a.m. | 5 hours, 13 minutes ago
Description : A vulnerability was found in Campcodes Online Teacher Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /search-teacher.php. The manipulation of the argument searchteacher leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 01:15:00 GMT

read more

Cybermois 2025

Le Mois européen de la cybersécurité est une initiative européenne (ENISA)
qui vise à sensibiliser aux cybermenaces et aux bons réflexes pour s’en protéger.
En France, il est piloté par Cybermalveillance.gouv.fr

Thu, 05 Jun 2025 01:11:00 GMT

read more

« Histoire de Cyber » : engagez-vous pour le Cybermois 2025

Et si vous deveniez acteur du Cybermois 2025 ? Nous vous invitons à vous engager et à prendre part à une action citoyenne en relayant la campagne de sensibilisation « Histoire de Cyber » tout au long du mois d’octobre. Rejoignez la mobilisation nationale : inscrivez-vous dès maintenant…

Thu, 05 Jun 2025 01:09:00 GMT

read more

Cybermois 2025 : kit de communication

Vous souhaitez communiquer sur le Cybermois 2025 auprès de vos publics, éditer les supports du Cybermois à vos couleurs ou réutiliser des contenus de sensibilisation ? Nous vous mettons à disposition différents outils incluant.

Thu, 05 Jun 2025 01:05:00 GMT

read more

CVE-2025-5620 - D-Link DIR-816 OS Command Injection Vulnerability

CVE ID : CVE-2025-5620
Published : June 5, 2025, 12:15 a.m. | 6 hours, 13 minutes ago
Description : A vulnerability, which was classified as critical, was found in D-Link DIR-816 1.10CNB05. Affected is the function setipsec_config of the file /goform/setipsec_config. The manipulation of the argument localIP/remoteIP leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 00:15:00 GMT

read more

CVE-2025-5621 - D-Link DIR-816 OS Command Injection Vulnerability

CVE ID : CVE-2025-5621
Published : June 5, 2025, 12:15 a.m. | 6 hours, 13 minutes ago
Description : A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this vulnerability is the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 00:15:00 GMT

read more

CVE-2025-5622 - D-Link DIR-816 Wireless Stack-Based Buffer Overflow

CVE ID : CVE-2025-5622
Published : June 5, 2025, 12:15 a.m. | 6 hours, 13 minutes ago
Description : A vulnerability was found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this issue is the function wirelessApcli_5g of the file /goform/wirelessApcli_5g. The manipulation of the argument apcli_mode_5g/apcli_enc_5g/apcli_default_key_5g leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 00:15:00 GMT

read more

CVE-2025-5623 - D-Link DIR-816 Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-5623
Published : June 5, 2025, 12:15 a.m. | 6 hours, 13 minutes ago
Description : A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been classified as critical. This affects the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 00:15:00 GMT

read more

CVE-2025-5618 - PHPGurukul Online Fire Reporting System SQL Injection Vulnerability

CVE ID : CVE-2025-5618
Published : June 4, 2025, 11:15 p.m. | 7 hours, 13 minutes ago
Description : A vulnerability classified as critical was found in PHPGurukul Online Fire Reporting System 1.2. This vulnerability affects unknown code of the file /admin/edit-team.php. The manipulation of the argument teamid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 23:15:00 GMT

read more

CVE-2025-5619 - Tenda CH22 Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-5619
Published : June 4, 2025, 11:15 p.m. | 7 hours, 13 minutes ago
Description : A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. This issue affects the function formaddUserName of the file /goform/addUserName. The manipulation of the argument Password leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 23:15:00 GMT

read more

CVE-2025-49007 - Apache Rack Denial of Service Vulnerability

CVE ID : CVE-2025-49007
Published : June 4, 2025, 11:15 p.m. | 6 hours, 13 minutes ago
Description : Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.16, there is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This is very similar to the previous security issue CVE-2022-44571. Carefully crafted input can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. This header is used typically used in multipart parsing. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted. Version 3.1.16 contains a patch for the vulnerability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 23:15:00 GMT

read more

CVE-2025-5616 - PHPGurukul Online Fire Reporting System SQL Injection Vulnerability

CVE ID : CVE-2025-5616
Published : June 4, 2025, 11:15 p.m. | 6 hours, 13 minutes ago
Description : A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 23:15:00 GMT

read more

CVE-2025-5617 - PHPGurukul Online Fire Reporting System SQL Injection Vulnerability

CVE ID : CVE-2025-5617
Published : June 4, 2025, 11:15 p.m. | 6 hours, 13 minutes ago
Description : A vulnerability classified as critical has been found in PHPGurukul Online Fire Reporting System 1.2. This affects an unknown part of the file /admin/manage-teams.php. The manipulation of the argument teamid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 23:15:00 GMT

read more

CVE-2025-5690 - PostgreSQL Anonymizer Mask Data Read Bypass

CVE ID : CVE-2025-5690
Published : June 4, 2025, 10:15 p.m. | 7 hours, 13 minutes ago
Description : PostgreSQL Anonymizer v2.0 and v2.1 contain a vulnerability that allows a masked user to bypass the masking rules defined on a table and read the original data using a database cursor or the --insert option of pg_dump. This problem occurs only when dynamic masking is enabled, which is not the default setting. The problem is resolved in version 2.2.1
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 22:15:00 GMT

read more

CVE-2025-5613 - PHPGurukul Online Fire Reporting System SQL Injection Vulnerability

CVE ID : CVE-2025-5613
Published : June 4, 2025, 10:15 p.m. | 6 hours, 12 minutes ago
Description : A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2 and classified as critical. This issue affects some unknown processing of the file /request-details.php. The manipulation of the argument requestid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 22:15:00 GMT

read more

CVE-2025-5614 - PHPGurukul Online Fire Reporting System SQL Injection

CVE ID : CVE-2025-5614
Published : June 4, 2025, 10:15 p.m. | 6 hours, 12 minutes ago
Description : A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been classified as critical. Affected is an unknown function of the file /search-report-result.php. The manipulation of the argument serachdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 22:15:00 GMT

read more

CVE-2025-5615 - PHPGurukul Online Fire Reporting System SQL Injection Vulnerability

CVE ID : CVE-2025-5615
Published : June 4, 2025, 10:15 p.m. | 6 hours, 12 minutes ago
Description : A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /details.php. The manipulation of the argument requestid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 22:15:00 GMT

read more

CVE-2025-5612 - PHPGurukul Online Fire Reporting System SQL Injection Vulnerability

CVE ID : CVE-2025-5612
Published : June 4, 2025, 9:15 p.m. | 7 hours, 12 minutes ago
Description : A vulnerability has been found in PHPGurukul Online Fire Reporting System 1.2 and classified as critical. This vulnerability affects unknown code of the file /reporting.php. The manipulation of the argument fullname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 21:15:00 GMT

read more

CVE-2025-46341 - FreshRSS HTTP Auth Header Impersonation Vulnerability

CVE ID : CVE-2025-46341
Published : June 4, 2025, 9:15 p.m. | 5 hours, 12 minutes ago
Description : FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, when the server is using HTTP auth via reverse proxy, it's possible to impersonate any user either via the `Remote-User` header or the `X-WebAuth-User` header by making specially crafted requests via the add feed functionality and obtaining the CSRF token via XPath scraping. The attacker has to know the IP address of the proxied FreshRSS instance and the admin's username, while also having an account on the instance. An attacker can send specially crafted requests in order to gain unauthorized access to internal services. This can also lead to privilege escalation like in the demonstrated scenario, although users that have setup OIDC are not affected by privilege escalation. Version 1.26.2 contains a patch for the issue.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 21:15:00 GMT

read more

CVE-2025-48947 - Auth0 Next.js SDK Cache-Control Header Missing Vulnerability

CVE ID : CVE-2025-48947
Published : June 4, 2025, 9:15 p.m. | 5 hours, 12 minutes ago
Description : The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In Auth0 Next.js SDK versions 4.0.1 through 4.6.0, `__session` cookies set by auth0.middleware may be cached by CDNs due to missing Cache-Control headers. Three preconditions must be met in order for someone to be affected by the vulnerability: Applications using the NextJS-Auth0 SDK, versions between 4.0.1 to 4.6.0, applications using CDN or edge caching that caches responses with the Set-Cookie header, and if the Cache-Control header is not properly set for sensitive responses. Users should upgrade auth0/nextjs-auth0 to v4.6.1 to receive a patch.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 21:15:00 GMT

read more

CVE-2025-5610 - CodeAstro Real Estate Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5610
Published : June 4, 2025, 9:15 p.m. | 5 hours, 12 minutes ago
Description : A vulnerability, which was classified as critical, has been found in CodeAstro Real Estate Management System 1.0. Affected by this issue is some unknown functionality of the file /submitpropertydelete.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 21:15:00 GMT

read more

CVE-2025-5611 - CodeAstro Real Estate Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5611
Published : June 4, 2025, 9:15 p.m. | 5 hours, 12 minutes ago
Description : A vulnerability, which was classified as critical, was found in CodeAstro Real Estate Management System 1.0. This affects an unknown part of the file /submitpropertyupdate.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 21:15:00 GMT

read more

CVE-2025-5608 - Tenda AC18 Buffer Overflow Vulnerability

CVE ID : CVE-2025-5608
Published : June 4, 2025, 8:15 p.m. | 6 hours, 12 minutes ago
Description : A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formsetreboottimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 20:15:00 GMT

read more

CVE-2025-5609 - Tenda AC18 Buffer Overflow Vulnerability

CVE ID : CVE-2025-5609
Published : June 4, 2025, 8:15 p.m. | 6 hours, 12 minutes ago
Description : A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 20:15:00 GMT

read more

CVE-2025-32015 - FreshRSS Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-32015
Published : June 4, 2025, 8:15 p.m. | 3 hours, 27 minutes ago
Description : FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, HTML is sanitized improperly inside the `